반응형

PKIX path building failed 오류 해결법

java HTTPS 통신 시도 시 아래의 에러가 발생하는 경우

 

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

java에서 HTTPS 요청을 보내는 과정에서 SSL 인증서를 신뢰할 수 없기 때문에 발생

1. 인증서 추가

2. java 코드로 인증서 무시

SSL 인증서 없이 HTTPS 통신하는 법(java 코드로 인증서 무시)

RestClient 사용 기준

package lrs.lrs.config;

import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.client5.http.ssl.TlsSocketStrategy;
import org.apache.hc.core5.ssl.SSLContextBuilder;
import org.apache.hc.core5.ssl.TrustStrategy;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestClient;

import javax.net.ssl.SSLContext;
import java.security.cert.X509Certificate;

@Configuration
public class RestClientConfig {

    @Bean
    public RestClient restClient() throws Exception{
        return RestClient.builder()
                .requestFactory(customRequestFactory())
                .build();
    }

    private HttpComponentsClientHttpRequestFactory customRequestFactory() throws Exception{

        // 1. 모든 인증서를 신뢰하는 TrustStrategy 설정
        TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;

        // 2. SSLContext 를 생성하여 모든 인증서를 신뢰하도록 설정
        SSLContext sslContext = SSLContextBuilder.create()
                .loadTrustMaterial(null, acceptingTrustStrategy)
                .build();

        // 3. TlsSocketStrategy 적용
        TlsSocketStrategy tlsStrategy = new DefaultClientTlsStrategy(sslContext);

        // 4. Apache HttpClient 5에 SSL 설정 적용
        CloseableHttpClient httpClient = HttpClients.custom()
              .setConnectionManager(PoolingHttpClientConnectionManagerBuilder.create()
                        .setTlsSocketStrategy(tlsStrategy)
                        .build())
                .build();// SSL 인증 무시 설정

        HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
        factory.setConnectTimeout(5000); // 연결 타임아웃 (ms)
        factory.setReadTimeout(5000); // 응답 읽기 타임아웃 (ms)
        return factory;
    }
}

 

 

반응형

'BackEnd' 카테고리의 다른 글

Swagger 기본 설정 및 Nginx 설정  (0) 2025.04.30
Spring JPA 관련 Annotation 및 설명  (0) 2025.01.27

티스토리툴바