用 jstl 的 <c:import url> 遇到 SSL 相關的問題
Posted on March 16th, 2018
在某一個 jsp 頁面使用 jstl core 直接 import 指定位置的 url 時會有問題,例如:
<c:import url="https://ihaveapen.com/ihaveanapple" />
在 macOS 本機(Apache+Tomcat) 連到用到這樣使用的 tag 的頁面時,Tomcat 會發生 SunCertPathBuilderException
(Exception 太長放最後面)
解法:
- 透過 firefox 將目前頁面的根憑證匯出 (這邊直接拿 apache ssl 指定的根憑證應該要也可以)
- 用 keytool 匯入到執行 tomcat 用的 jre 底下的 cacerts
sudo keytool -import -alias ihergo -keystore /Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/security/cacerts -file wwwihergocom.crt
- 注意: 要用 sudo 權限, 且調整 cacerts 會要求輸入密碼, 預設密碼是
changeit
- 解決方法來源 stackoverflow https://stackoverflow.com/a/36427118
- Exceptions:
2018/03/16 11:43:36 [ERROR] [com.xxxxxx.mobile.web.controller.GlobalExceptionHandler@ajp-nio-8009-exec-9]_jspService(130) jsp error on:/mobile/WEB-INF/jsp/error/error.jsp
org.apache.jasper.JasperException: javax.servlet.ServletException: javax.servlet.jsp.JspException: Problem accessing the absolute URL "https://www.xxxxxx.com/mobile/ad/banner". javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:596)
...
Caused by: javax.servlet.ServletException: javax.servlet.jsp.JspException: Problem accessing the absolute URL "https://www.xxxxxx.com/mobile/ad/banner". javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:905)
... 81 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
... 84 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
... 101 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
... 107 more