从 URL 获取数据时，PKIX 路径构建失败

Question

我正在尝试按如下方式获取数据（由 API 指示）：

HttpResponse<String> response = Unirest.get("https://opendata.aemet.es/opendata/api/valores/climatologicos/diarios/datos/fechaini/2017-08-16T00:00:00UTC/fechafin/2017-08-17T23:59:59UTC/estacion/2422/?api_key=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJqb3NoZXJAY2FydGlmLmVzIiwianRpIjoiZWM3MDkxMzItNTE0ZC00OGZjLTljMjMtYTBiMzVjNTllYzdjIiwiZXhwIjoxNTEwNzMxMzU4LCJpc3MiOiJBRU1FVCIsImlhdCI6MTUwMjk1NTM1OCwidXNlcklkIjoiZWM3MDkxMzItNTE0ZC00OGZjLTljMjMtYTBiMzVjNTllYzdjIiwicm9sZSI6IiJ9.WSVaE3C9TFMMa8x1mUvHpt1-n3Cgy3p7r2DaflSm9VU")
              .header("cache-control", "no-cache")
              .asString();

然而，当我执行代码时，抛出了一个异常：

Exception in thread "main" com.mashape.unirest.http.exceptions.UnirestException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.mashape.unirest.http.HttpClientHelper.request(HttpClientHelper.java:143)
    at com.mashape.unirest.request.BaseRequest.asString(BaseRequest.java:56)
    at eu.cartif.meteo.Weather_Meteo.main(Weather_Meteo.java:38)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
    at com.mashape.unirest.http.HttpClientHelper.request(HttpClientHelper.java:138)
... 2 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 24 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
... 30 more    

我也尝试通过 keytool 导入证书，但我收到一条消息说“文件密钥库不存在”。

有人支持我吗？提前致谢

Answer 1

使用浏览器的 5 秒给了我所有这些信息：

Your connection is not secure

The owner of opendata.aemet.es has configured their web site improperly. To protect your information from being stolen, Firefox has not connected to this web site.

Learn more…

Report errors like this to help Mozilla identify and block malicious sites

opendata.aemet.es uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.

Error code: SEC_ERROR_UNKNOWN_ISSUER

Answer 2

我使用unirest的版本是3.1.02， Maven 配置是：

<dependency>
   <groupId>com.konghq</groupId>
   <artifactId>unirest-java</artifactId>
   <version>3.1.02</version>
   <classifier>standalone</classifier>
</dependency>

我看到kong.unirest.UnirestException: javax.net.ssl.SSLHandshakeException。 当我配置Unirest.config().verifySsl(false); 时，异常消失了