在 post 请求发送电子邮件 API 的 mailgun 期间,使用 java 网络应用程序显示错误
During post request on send email API of mailgun it shows error using java web application
我正在使用 mailgun 发送电子邮件,但从前一天开始,它在 POST 请求电子邮件发送 api 期间显示错误,因为 below.I 正在使用 java/spring/AWS 到我的网站app.I 尝试重新启动应用程序并检查证书是否已在信任库中,但我们从未生成信任库密钥。
com.mashape.unirest.http.exceptions.UnirestException:javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径
在 com.mashape.unirest.http.HttpClientHelper.request(HttpClientHelper.java:143)
在 com.mashape.unirest.request.BaseRequest.asJson(BaseRequest.java:68)
我们遇到同样的问题 (java)。
以下是 Mailgun 支持人员所说的:
Hello,
Thank you for reaching out to us in regards to our SSL certification renewal, >which are now fully completed. This update was pushed out to correct numerous >certificates that did not comply with the industry-developed CA/Browser Forum >Baseline Requirements by Symantec’s PKI business. You can read more about this >here.
Now that the updates have been completed, if you’re still having difficulties >sending, we can provide some suggestions to get your application back up and >running.
If you’re utilizing PHP-
1) Download the latest CA certificates from (https://curl.haxx.se/docs/caextract.html) This is an extract of a list of certificates vetted by Mozilla.
2) Set the path to the CA certificates in the .htaccess file with a directive like the following:
php_value curl.cainfo "/path/to/cacert.pem"
If you have access to your php.ini file, you can modify this value globally by setting curl.cainfo = "/path/to/cacert.pem"
If you’re utilizing cURL-
_Ubuntu users:_https://askubuntu.com/questions/646594/how-to-fix-ca-cert-issues-with-curl-in-ubuntu-14-04
RedHat users: https://serverfault.com/questions/394815/how-to-update-curl-ca-bundle-on-redhat
Be sure to restart your sending application after updating.
If a restart of your application does not clear the issue, the certificate cache may need to be cleared. Here is some additional information as to how this might be accomplished for you:
Because every sending application is be different, the exact method for updating the certifications/restarting your sending application may vary for you. If none of these options worked, some independent research might be needed for the update/restart method applicable to you.
While these suggestions are meant to help resolve the issues you are experiencing, making certain changes to your environment can always cause further issues with your application. We highly recommend making these changes in a non-production environment prior to releasing into production. These are only intended as suggested fixes and in no-way guarantee that this will fix the issue, further steps may need to be taken depending on your specific environment. As always Mailgun will always do our best to answer any questions that you may have, but there are limitations in the support we can provide.
Thanks,
Keith@MG
重新启动应用程序未能解决问题。我正在尝试查找他们使用的是哪个 CA,看看我们是否可以将其导入 trustore。
1 月 22 日,由于 Symantec 的 PKI 基础设施设置为不受信任,我们更新了 SSL 证书。 Java 的某些旧版本没有 "DigiCert Global Root G2" CA。
有几种选择:
- 将 "DigiCert Global Root G2" CA 导入您的 "cacerts" 文件。
- 将您的 JRE 升级到 8u91(或更高版本),其中包括此根目录。
要导入 "DigiCert Global Root G2" 您可以从 https://www.digicert.com/digicert-root-certificates.htm 下载根目录。确保您下载的是正确的根证书。
下载证书后,您需要使用如下命令将其导入:
keytool -import -trustcacerts -keystore /path/to/cacerts -storepass changeit -noprompt -alias digicert-global-root-g2 -file /path/to/digicert.crt
您需要设置 Java 密钥库的路径和下载的根证书的位置。
我正在使用 mailgun 发送电子邮件,但从前一天开始,它在 POST 请求电子邮件发送 api 期间显示错误,因为 below.I 正在使用 java/spring/AWS 到我的网站app.I 尝试重新启动应用程序并检查证书是否已在信任库中,但我们从未生成信任库密钥。
com.mashape.unirest.http.exceptions.UnirestException:javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径 在 com.mashape.unirest.http.HttpClientHelper.request(HttpClientHelper.java:143) 在 com.mashape.unirest.request.BaseRequest.asJson(BaseRequest.java:68)
我们遇到同样的问题 (java)。 以下是 Mailgun 支持人员所说的:
Hello,
Thank you for reaching out to us in regards to our SSL certification renewal, >which are now fully completed. This update was pushed out to correct numerous >certificates that did not comply with the industry-developed CA/Browser Forum >Baseline Requirements by Symantec’s PKI business. You can read more about this >here.
Now that the updates have been completed, if you’re still having difficulties >sending, we can provide some suggestions to get your application back up and >running.
If you’re utilizing PHP- 1) Download the latest CA certificates from (https://curl.haxx.se/docs/caextract.html) This is an extract of a list of certificates vetted by Mozilla. 2) Set the path to the CA certificates in the .htaccess file with a directive like the following:
php_value curl.cainfo "/path/to/cacert.pem"If you have access to your php.ini file, you can modify this value globally by settingcurl.cainfo = "/path/to/cacert.pem"If you’re utilizing cURL- _Ubuntu users:_https://askubuntu.com/questions/646594/how-to-fix-ca-cert-issues-with-curl-in-ubuntu-14-04 RedHat users: https://serverfault.com/questions/394815/how-to-update-curl-ca-bundle-on-redhat Be sure to restart your sending application after updating.
If a restart of your application does not clear the issue, the certificate cache may need to be cleared. Here is some additional information as to how this might be accomplished for you:
Because every sending application is be different, the exact method for updating the certifications/restarting your sending application may vary for you. If none of these options worked, some independent research might be needed for the update/restart method applicable to you.
While these suggestions are meant to help resolve the issues you are experiencing, making certain changes to your environment can always cause further issues with your application. We highly recommend making these changes in a non-production environment prior to releasing into production. These are only intended as suggested fixes and in no-way guarantee that this will fix the issue, further steps may need to be taken depending on your specific environment. As always Mailgun will always do our best to answer any questions that you may have, but there are limitations in the support we can provide.
Thanks, Keith@MG
重新启动应用程序未能解决问题。我正在尝试查找他们使用的是哪个 CA,看看我们是否可以将其导入 trustore。
1 月 22 日,由于 Symantec 的 PKI 基础设施设置为不受信任,我们更新了 SSL 证书。 Java 的某些旧版本没有 "DigiCert Global Root G2" CA。
有几种选择:
- 将 "DigiCert Global Root G2" CA 导入您的 "cacerts" 文件。
- 将您的 JRE 升级到 8u91(或更高版本),其中包括此根目录。
要导入 "DigiCert Global Root G2" 您可以从 https://www.digicert.com/digicert-root-certificates.htm 下载根目录。确保您下载的是正确的根证书。
下载证书后,您需要使用如下命令将其导入:
keytool -import -trustcacerts -keystore /path/to/cacerts -storepass changeit -noprompt -alias digicert-global-root-g2 -file /path/to/digicert.crt
您需要设置 Java 密钥库的路径和下载的根证书的位置。