" javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败:" 这意味着服务器没有来自授权CA的有效证书.

"javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:" It means the server does not have a valid certificate from an Authorized CA.

您正面临此异常，因为您尝试通过SSL(https)连接.您需要将服务器证书导入JRE KeyStore.

You are facing this exception because you are try to connect through SSL (https). You would need to import the server certificate into the JRE KeyStore.

执行以下步骤来解决它:

Perform the following steps to resolve it:

获取证书:输入URL(例如 https://server.ensarm.com:8443 /openam/namingservice ).

Getting the certificate: Type the URL (e.g. https://server.ensarm.com:8443/openam/namingservice) in your browser.

1. 您现在可能会看到一个对话框，警告您有关证书的信息.现在，单击查看证书"并安装证书.忽略任何警告消息.
2. 下一步将是安装导出证书并将其安装在jre密钥库中.使用keytool证书管理实用程序来执行此http://download.oracle.com/javase/1.3/docs/tooldocs/win32/keytool.html.
3. 导出证书:转到工具"->"Internet选项"->内容"->证书".打开证书后，在受信任的根证书颁发机构"下找到刚刚安装的证书.选择正确的证书，然后单击导出".您现在可以将其(DER编码的二进制文件)保存为mycert.cer.
4. 转到JRE \ BIN，然后使用keytool -import命令将文件导入到cacerts密钥库中. 例如. keytool --import -alias MYCA -keystore .. \ lib \ security \ cacerts -file c:\ mycert.cer. 输入密钥库密码:(默认情况下为"changeit".)在提示中输入是".
5. 运行命令keytool -list -keystore .. \ lib \ security \ cacerts.现在，您将看到所有证书的列表，包括刚刚添加的证书.

1. You will now probably see a dialog box warning you about the certificate. Now click on the 'View Certificate' and install the certificate. Ignore any warning messages.
2. Next step would be to install export the certificate and installing it in the jre keystore. Use keytool certificate management utility to perform thishttp://download.oracle.com/javase/1.3/docs/tooldocs/win32/keytool.html .
3. Exporting certificate: Go to Tools->'Internet Options' ->Content->Certificates. Once you open the certificates, locate the one you just installed under 'Trusted Root Certification Authorities". Select the right one and click on 'export'. You can now save it (DER encoded binary) as e.g. mycert.cer.
4. Go to JRE\BIN and use the keytool -import command to import the file into your cacerts keystore. E.g. keytool --import -alias MYCA -keystore ..\lib\security\cacerts -file c:\mycert.cer. Enter keystore password: (by default it will be "changeit").Input "yes" to the prompts.
5. Run command keytool -list -keystore ..\lib\security\cacerts . You will now see a list of all the certificates including the one you just added.