Edit :- Tried to format the question and accepted answer in more presentable way at mine Blog
(编辑:-试图在我的博客上以更恰当的方式设置问题和接受的答案的格式)
Here is the original issue.
(这是原始问题。)
I am getting this error:
(我收到此错误:)
detailed message sun.security.validator.ValidatorException: PKIX path building failed:
(详细消息sun.security.validator.ValidatorException:PKIX路径构建失败:)
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
(sun.security.provider.certpath.SunCertPathBuilderException:无法找到到请求目标的有效证书路径)
cause javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
(导致javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:找不到指向所请求目标的有效证书路径)
I am using Tomcat 6 as webserver.
(我正在使用Tomcat 6作为Web服务器。)
I have two HTTPS web applications installed on different Tomcats on different ports but on the same machine. (我有两个HTTPS Web应用程序安装在不同端口上但在同一台机器上的不同Tomcat上。)
Say App1(port 8443) and App2(port 443) . (说出App1(port 8443)和App2(port 443) 。)
App1 connects to App2 . (App1连接到App2 。)
When App1 connects to App2 I get the above error. (当App1连接到App2 ,出现上述错误。)
I know this is a very common error so came across many solutions on different forums and sites. (我知道这是一个非常常见的错误,因此在不同的论坛和站点上遇到了许多解决方案。)
I have the below entry in server.xml of both Tomcats: (我在两个Tomcat的server.xml中都有以下条目:)
keystoreFile="c:/.keystore"
keystorePass="changeit"
Every site says the same reason that certificate given by app2 is not in the trusted store of app1 jvm.
(每个站点都表示由app2颁发的证书不在app1 jvm的受信任存储区中的相同原因。)
This seems to be true also when I tried to hit the same URL in IE browser, it works (with warming, There is a problem with this web site's security certificate. Here I say continue to this website). (当我尝试在IE浏览器中命中相同的URL时,这似乎也是正确的(正常运行,此网站的安全证书有问题。在这里我说继续浏览此网站)。)
But when same URL is hit by Java client (in my case) I get the above error. (但是,当Java客户端(在我的情况下)击中相同的URL时,会出现上述错误。)
So to put it in the truststore I tried these three options: (因此,将其放入信任库中,我尝试了以下三个选项:)
Option1
(选项1)
System.setProperty("javax.net.ssl.trustStore", "C:/.keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
Option2 Setting below in environment variable
(Option2在环境变量中进行以下设置)
CATALINA_OPTS -- param name
-Djavax.net.ssl.trustStore=C:.keystore -Djavax.net.ssl.trustStorePassword=changeit ---param value
Option3 Setting below in environment variable
(Option3在环境变量中进行以下设置)
JAVA_OPTS -- param name
-Djavax.net.ssl.trustStore=C:.keystore -Djavax.net.ssl.trustStorePassword=changeit ---param value
But nothing worked .
(但是没有任何效果 。)
What at last worked is executing the Java approach suggested in How to handle invalid SSL certificates with Apache HttpClient?
(最后执行的工作是执行如何使用Apache HttpClient处理无效的SSL证书中建议的Java方法?)
by Pascal Thivent ie executing the program InstallCert. (由Pascal Thivent编写,即执行程序InstallCert。)
But this approach is fine for devbox setup but I can not use it at production environment.
(但是这种方法对于devbox设置来说很好,但是我不能在生产环境中使用它。)
I am wondering why three approaches mentioned above did not work when I have mentioned the same values in server.xml of app2 server and same values in truststore by setting
(我想知道为什么我通过设置app2 server.xml的相同值和truststore中的相同值时上述三种方法不起作用)
System.setProperty("javax.net.ssl.trustStore", "C:/.keystore") and System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
in app1 program.
(在app1程序中。)
For more information this is how I am making the connection:
(有关更多信息,这是我进行连接的方式:)
URL url = new URL(urlStr);
URLConnection conn = url.openConnection();
if (conn instanceof HttpsURLConnection) {
HttpsURLConnection conn1 = (HttpsURLConnection) url.openConnection();
conn1.setHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
reply.load(conn1.getInputStream());
ask by M Sach translate from so 
