[JAVA] It's a proxy festival ☆ Wasshoi!

prologue

PKIX path building failed when debugging ~ Yes ~? It was working normally until yesterday. However, this has happened before, so it can be solved quickly. In retrospect, this was the beginning of misery. (Time required 12 hours)

1. Certificate error resolution (no proxy)

aws.png

In the AWS environment, PKIX path building failed ~ occurred when trying to connect to the Internet from EC2 with similar non-SSL, so I registered a non-SSL certificate similar to java and solved it.

PKIX path building failed: Add SSL certificate to java

2. Resolution of certificate error (with proxy) ⇒ Failure!

local2.png

I couldn't connect from my local PC, and PKIX path building failed ~ was displayed, so I registered a similar non-SSL certificate without any doubt. This is the beginning of misery.

2.1 Register, register & register certificate

I've been using eclipse for 10 years, and I didn't know that there is an eclipse jre other than jdk and jre.

When creating a gradle project in Eclipse, if it fails due to a certificate error

You can't register a certificate in jdk's cacerts, you can't register a certificate in jre's cacerts. When I found this, I was debugging with tomcat, so it was a response, but it is useless.

2.2 Exp & imp the certificate

From the management of the certificate of the control panel, exp & imp, exp & imp, ...

3. Immutable error resolution

There are several, but here's a surefire way to solve them.

3.1 Build a minimum configuration that reproduces the event

In this case, if I could confirm the following two points, I would not have been addicted to the quagmire.

-Is it a specific site that does not connect to the Internet?

--Can you connect with something other than java?

・ Is it a specific site that does not connect to the Internet? It was a mistake to assume that the first access was a google api and that it was more secure. I couldn't connect even with yahoo. It was spring boot, but I extracted only the part connected by URLConnection and confirmed it with plain java.

・ Can you connect with other than java? The first access was GET, so when I accessed it with a browser, I was connected. I confirmed that Ichiou node can also connect.

It was strange to register a "similar non-SSL certificate" in java because it's mostly through a proxy.

そもそも

4. Resolve certificate error (with proxy) ⇒ Resolve

I got my neighbor's jdk cacerts and overwrote it (^^;

I also saw the list registered in cacerts, but it's long and I don't know which one to fix ... 3.1 I was convinced that jdk's cacerts were wrong in building the minimum configuration that the event reproduces, so I overwrote it without hesitation.

epilogue

I gave priority to the solution without knowing the cause. I don't know about java ca. I have a regret, but here

java trouble

proxy

I would like to close it with. (By the way, the original renovation was completed in 30 minutes)

It's hard to say "similar non-SSL". Ess SSL Isn't it okay with Se Se Se Se Se Se Se?

Recommended Posts

It's a proxy festival ☆ Wasshoi!
[Ruby] It's a convenient guy ~ before_action ~