google / nomulus

Top-level domain name registry service on Google Cloud Platform

Home Page: https://registry.google


I ran into a certificate error when creating a TLD

a5825799 opened this issue · comments

./nomulus -e ALPHA create_tld example --roid_suffix EXAMPLE --initial_tld_state GENERAL_AVAILABILITY --tld_type TEST
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I followed the documentation step by step. Could you help me find out what the cause is?

There's not a lot of information provided here to go on. From the error message, it could be that you are using some custom trust store that interferes with the JVM's ability to validate the certificate path. It is unlikely that the nomulus endpoint is serving a wrong cert, as that is managed by App Engine itself. Can you paste the full stack trace?

Also, what steps have you performed so far?

PathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:757)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at com.google.appengine.repackaged.org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(Unknown Source)
at com.google.appengine.repackaged.org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(Unknown Source)
at com.google.appengine.repackaged.org.apache.commons.httpclient.HttpMethodBase.writeRequest(Unknown Source)
at com.google.appengine.repackaged.org.apache.commons.httpclient.HttpMethodBase.execute(Unknown Source)
at com.google.appengine.repackaged.org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown Source)
at com.google.appengine.repackaged.org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown Source)
at com.google.appengine.repackaged.org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
at com.google.appengine.repackaged.org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
at com.google.appengine.tools.remoteapi.StandaloneAppEngineClient.doGet(StandaloneAppEngineClient.java:44)
at com.google.appengine.tools.remoteapi.StandaloneAppEngineClient.get(StandaloneAppEngineClient.java:34)
at com.google.appengine.tools.remoteapi.RemoteApiInstaller.getAppIdFromServer(RemoteApiInstaller.java:411)
at com.google.appengine.tools.remoteapi.RemoteApiInstaller.loginImpl(RemoteApiInstaller.java:374)
at com.google.appengine.tools.remoteapi.RemoteApiInstaller.login(RemoteApiInstaller.java:335)
at com.google.appengine.tools.remoteapi.RemoteApiInstaller.install(RemoteApiInstaller.java:171)
at google.registry.tools.RegistryCli.runCommand(RegistryCli.java:202)
at google.registry.tools.RegistryCli.run(RegistryCli.java:152)
at google.registry.tools.RegistryTool.main(RegistryTool.java:131)
Suppressed: java.lang.IllegalArgumentException: remote API is already uninstalled
at com.google.appengine.tools.remoteapi.RemoteApiInstaller.uninstall(RemoteApiInstaller.java:253)
at google.registry.tools.RegistryCli.close(RegistryCli.java:163)
at google.registry.tools.RegistryTool.main(RegistryTool.java:132)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
... 26 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 32 more

So it does look like when the nomulus tool tries to make an HTTPS call to the GAE endpoint, the SSL handshake fails. I think we just use the default system trust store. Like I said before, it might be some custom settings in your OS that interfere with the JDK SSL library's ability to correctly find the certificate path. Can you try the same setup on a different machine to rule this out?
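
One way to check the trust-store theory raised in the replies above, as an added example (not code from the Nomulus project or from the commenters): this Java program reports which trust store file the JVM resolves through JSSE's default lookup order and lists the trust anchors the default TrustManager accepts. The class name `TrustStoreCheck` is hypothetical.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added diagnostic, not part of Nomulus (class name is hypothetical).
// Shows where the JVM's default trust anchors come from and how many there are.
public class TrustStoreCheck {

  // JSSE default lookup order: the javax.net.ssl.trustStore system property,
  // then <java.home>/lib/security/jssecacerts, then <java.home>/lib/security/cacerts.
  static String resolveTrustStore() {
    String override = System.getProperty("javax.net.ssl.trustStore");
    if (override != null) {
      return override + " (set via javax.net.ssl.trustStore)";
    }
    File securityDir = new File(System.getProperty("java.home"),
        "lib" + File.separator + "security");
    File jssecacerts = new File(securityDir, "jssecacerts");
    if (jssecacerts.isFile()) {
      return jssecacerts.getPath() + " (jssecacerts takes precedence over cacerts)";
    }
    return new File(securityDir, "cacerts").getPath() + " (JDK default)";
  }

  public static void main(String[] args) throws Exception {
    System.out.println("java.home         : " + System.getProperty("java.home"));
    System.out.println("trust store       : " + resolveTrustStore());
    // JAVA_TOOL_OPTIONS can inject -Djavax.net.ssl.* settings into every JVM.
    System.out.println("JAVA_TOOL_OPTIONS : " + System.getenv("JAVA_TOOL_OPTIONS"));

    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init((KeyStore) null); // null selects the JVM's default trust store
    for (TrustManager tm : tmf.getTrustManagers()) {
      if (tm instanceof X509TrustManager) {
        X509Certificate[] anchors = ((X509TrustManager) tm).getAcceptedIssuers();
        // Zero or very few anchors means the store is missing, empty or replaced.
        System.out.println("trust anchors     : " + anchors.length);
        for (X509Certificate anchor : anchors) {
          System.out.println("  " + anchor.getSubjectX500Principal().getName());
        }
      }
    }
  }
}
```

Run it with the same `java` binary and JVM options that launch the nomulus tool; an overridden store path, or an anchor list that is empty or much shorter than a stock JDK's, points to the local trust store rather than the endpoint's certificate.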