반응형
error code
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.7.0_80]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904) ~[?:1.7.0_80]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279) ~[?:1.7.0_80]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273) ~[?:1.7.0_80]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446) ~[?:1.7.0_80]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209) ~[?:1.7.0_80]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913) ~[?:1.7.0_80]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:849) ~[?:1.7.0_80]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023) ~[?:1.7.0_80]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332) ~[?:1.7.0_80]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359) ~[?:1.7.0_80]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) ~[?:1.7.0_80]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275) ~[httpclient-4.3.4.jar:4.3.4]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:254) ~[httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:123) ~[httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:318) ~[httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363) ~[httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219) ~[httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195) ~[httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86) ~[httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108) ~[httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) ~[httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106) ~[httpclient-4.3.4.jar:4.3.4]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57) ~[httpclient-4.3.4.jar:4.3.4]
at egovframework.test.www.test.web.TestController.test123(TestController.java:137) [TestController.class:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.7.0_80]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[?:1.7.0_80]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.7.0_80]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_80]
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221) [spring-web-4.0.9.RELEASE.jar:4.0.9.RELEASE]
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137) [spring-web-4.0.9.RELEASE.jar:4.0.9.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104) [spring-webmvc-4.0.9.RELEASE.jar:4.0.9.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:747) [spring-webmvc-4.0.9.RELEASE.jar:4.0.9.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:676) [spring-webmvc-4.0.9.RELEASE.jar:4.0.9.RELEASE]
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85) [spring-webmvc-4.0.9.RELEASE.jar:4.0.9.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:938) [spring-webmvc-4.0.9.RELEASE.jar:4.0.9.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:870) [spring-webmvc-4.0.9.RELEASE.jar:4.0.9.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:961) [spring-webmvc-4.0.9.RELEASE.jar:4.0.9.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:852) [spring-webmvc-4.0.9.RELEASE.jar:4.0.9.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) [javax.servlet_1.0.0.0_2-5.jar:2.5]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:837) [spring-webmvc-4.0.9.RELEASE.jar:4.0.9.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) [javax.servlet_1.0.0.0_2-5.jar:2.5]
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) [weblogic.jar:10.3.6.0]
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) [weblogic.jar:10.3.6.0]
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301) [weblogic.jar:10.3.6.0]
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) [weblogic.jar:10.3.6.0]
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60) [BUG26519424_10360171017.jar:10.3.6.0]
at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176) [urlrewritefilter-4.0.3.jar:4.0.3]
at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) [urlrewritefilter-4.0.3.jar:4.0.3]
at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92) [urlrewritefilter-4.0.3.jar:4.0.3]
at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:394) [urlrewritefilter-4.0.3.jar:4.0.3]
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60) [BUG26519424_10360171017.jar:10.3.6.0]
at com.github.ziplet.filter.compression.CompressingFilter.doFilter(CompressingFilter.java:263) [ziplet-2.3.0.jar:?]
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60) [BUG26519424_10360171017.jar:10.3.6.0]
at egovframework.com.cmm.filter.HTMLTagFilter.doFilter(HTMLTagFilter.java:35) [HTMLTagFilter.class:?]
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60) [BUG26519424_10360171017.jar:10.3.6.0]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) [spring-web-4.0.9.RELEASE.jar:4.0.9.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.0.9.RELEASE.jar:4.0.9.RELEASE]
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60) [BUG26519424_10360171017.jar:10.3.6.0]
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) [weblogic.jar:10.3.6.0]
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60) [BUG26519424_10360171017.jar:10.3.6.0]
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3748) [BUG26519424_10360171017.jar:10.3.6.0]
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3714) [BUG26519424_10360171017.jar:10.3.6.0]
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) [com.bea.core.weblogic.security.identity_1.2.0.0.jar:1.2.0.0]
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120) [com.bea.core.weblogic.security.wls_1.0.0.0_6-2-0-0.jar:6.2.0.0]
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2283) [BUG26519424_10360171017.jar:10.3.6.0]
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2182) [BUG26519424_10360171017.jar:10.3.6.0]
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1499) [BUG26519424_10360171017.jar:10.3.6.0]
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263) [BUG26519424_10360171017.jar:1.11.0.0]
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221) [BUG26519424_10360171017.jar:1.11.0.0]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) ~[?:1.7.0_80]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:230) ~[?:1.7.0_80]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.7.0_80]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) ~[?:1.7.0_80]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) ~[?:1.7.0_80]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) ~[?:1.7.0_80]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428) ~[?:1.7.0_80]
... 66 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) ~[?:1.7.0_80]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) ~[?:1.7.0_80]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) ~[?:1.7.0_80]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:230) ~[?:1.7.0_80]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.7.0_80]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) ~[?:1.7.0_80]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) ~[?:1.7.0_80]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) ~[?:1.7.0_80]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428) ~[?:1.7.0_80]
... 66 more
상황 : https -> https로 api 호출을 하였으나 상위 에러가 발생, JAVA API 호출시 ssl 에러
- 인증서 인증기관 검증 이슈가 의심되며 클라이언트 서버에 인증기관 목록이 부족하거나 호출하는 api 쪽의 웹서버에 등록된 인증서 체인이 완전하지 않을 수 있음.
- 인증서 확인 사이트에서 호출하는 api url을 검색해봤을 때 인증서 체인 연결에 빨간색 깨진 체인 표시가 확인
이러한 경우 클라이언트에서 중간 인증서까지 모두 가지고 있지 않으면 인증기관 검증이 정상적으로 이루어지지 않을 수 있음 (www.digicert.com/help/)
원인 : SSL은 연결하려는 api url의 인증서가 신뢰하는 인증기관 인증서 목록(keystore)에 없음
해결방안1 : api 서버에서 사용하는 사설 인증서를 호출하는 쪽 서버에 등록
해결방안2 : 호출하는쪽 서버에서 사용하는 공인 인증서 구매 및 api 서버에 등록
해결방안 2로 해결
반응형
'개발의 흔적 > JAVA' 카테고리의 다른 글
| [오류] 스프링 ajax controller 접근 전 response 500 error (0) | 2022.03.24 |
|---|---|
| [오류] java.io.IOException: java.io.IOException: Unexpected output data (0) | 2022.03.24 |
| poi를 활용한 엑셀 다운로드(다른 이름으로 저장) 폴더 및 파일 명 지정 (0) | 2021.01.19 |
| 전자정부프레임워크 maven 클린 프로젝트 클린 리빌드 (0) | 2021.01.13 |
| 전자정부 프레임워크에서 log 커스터마이징 하기 (0) | 2019.09.05 |