PKIX path building failed

https://blog.csdn.net/catoop/article/details/80819638

https://www.oschina.net/question/12_19249

 

 

問題
java使用httpclient或者restTemplate進行https請求時，出現以下異常：

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at com.shanhy.zhongxin.module.a919.CreateOrderService.postXXX(CreateOrderService.java:275)
at com.shanhy.zhongxin.module.a919.CreateOrderService.main(CreateOrderService.java:203)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
... 21 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 27 more

 

或者用zuul跳轉到另一個https的連接的時候報以下錯誤

 

2019-05-27 17:07:44.341 WARN 6597 --- [nio-8443-exec-6] o.s.c.n.z.filters.post.SendErrorFilter : Error during filtering

com.netflix.zuul.exception.ZuulException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.springframework.cloud.netflix.zuul.util.ZuulRuntimeException.<init>(ZuulRuntimeException.java:33) ~[spring-cloud-netflix-core-1.4.6.RELEASE.jar:1.4.6.RELEASE]
at org.springframework.cloud.netflix.zuul.filters.route.SimpleHostRoutingFilter.run(SimpleHostRoutingFilter.java:212) ~[spring-cloud-netflix-core-1.4.6.RELEASE.jar:1.4.6.RELEASE]
at com.netflix.zuul.ZuulFilter.runFilter(ZuulFilter.java:117) ~[zuul-core-1.3.1.jar:1.3.1]
at com.netflix.zuul.FilterProcessor.processZuulFilter(FilterProcessor.java:193) ~[zuul-core-1.3.1.jar:1.3.1]
at com.netflix.zuul.FilterProcessor.runFilters(FilterProcessor.java:157) ~[zuul-core-1.3.1.jar:1.3.1]
at com.netflix.zuul.FilterProcessor.route(FilterProcessor.java:118) ~[zuul-core-1.3.1.jar:1.3.1]
at com.netflix.zuul.ZuulRunner.route(ZuulRunner.java:96) ~[zuul-core-1.3.1.jar:1.3.1]
at com.netflix.zuul.http.ZuulServlet.route(ZuulServlet.java:116) ~[zuul-core-1.3.1.jar:1.3.1]
at com.netflix.zuul.http.ZuulServlet.service(ZuulServlet.java:81) ~[zuul-core-1.3.1.jar:1.3.1]
at org.springframework.web.servlet.mvc.ServletWrappingController.handleRequestInternal(ServletWrappingController.java:157) [spring-webmvc-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.cloud.netflix.zuul.web.ZuulController.handleRequest(ZuulController.java:44) [spring-cloud-netflix-core-1.4.6.RELEASE.jar:1.4.6.RELEASE]
at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:50) [spring-webmvc-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967) [spring-webmvc-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901) [spring-webmvc-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) [spring-webmvc-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861) [spring-webmvc-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:635) [servlet-api.jar:na]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) [spring-webmvc-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) [servlet-api.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) [catalina.jar:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.41]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.41]
at org.springframework.boot.web.filter.ApplicationContextHeaderFilter.doFilterInternal(ApplicationContextHeaderFilter.java:55) [spring-boot-1.5.21.RELEASE.jar:1.5.21.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.41]
at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111) [spring-boot-actuator-1.5.21.RELEASE.jar:1.5.21.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.41]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.41]
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) [spring-web-4.3.24.RELEASE.jar:4.3.24.RELEASE]

 

解決方法
一、運行以下java文件（InstallCert.java），生成 jssecacerts 文件。
二、而後將生成的 jssecacerts 文件，拷貝到jdk中，目錄位置：%JAVA_HOME%\jre\lib\security
（例如D:\Program Files\Java\jdk1.8.0_131\jre\lib\security）

package com.shanhy.zhongxin.module;

/*
* Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* - Neither the name of Sun Microsystems nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
* 使用方法
* 1.先編譯成class文件，再執行java InstallCert shanhytest.com.cn
* 2.直接執行java源碼，main方法開始手動設置 args = new String[]{"shanhytest.com.cn"};，而後運行
*
*/
public class InstallCert {

public static void main(String[] args) throws Exception {
// args = new String[]{"shanhytest.com.cn"};

String host;
int port;
char[] passphrase;
if ((args.length == 1) || (args.length == 2)) {
String[] c = args[0].split(":");
host = c[0];
port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
String p = (args.length == 1) ? "changeit" : args[1];
passphrase = p.toCharArray();
} else {
System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
return;
}

File file = new File("jssecacerts");
if (file.isFile() == false) {
char SEP = File.separatorChar;
File dir = new File(System.getProperty("java.home") + SEP + "lib" + SEP + "security");
file = new File(dir, "jssecacerts");
if (file.isFile() == false) {
file = new File(dir, "cacerts");
}
}
System.out.println("Loading KeyStore " + file + "...");
InputStream in = new FileInputStream(file);
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(in, passphrase);
in.close();

SSLContext context = SSLContext.getInstance("TLS");
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
context.init(null, new TrustManager[] { tm }, null);
SSLSocketFactory factory = context.getSocketFactory();

System.out.println("Opening connection to " + host + ":" + port + "...");
SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
socket.setSoTimeout(10000);
try {
System.out.println("Starting SSL handshake...");
socket.startHandshake();
socket.close();
System.out.println();
System.out.println("No errors, certificate is already trusted");
} catch (SSLException e) {
System.out.println();
e.printStackTrace(System.out);
}

X509Certificate[] chain = tm.chain;
if (chain == null) {
System.out.println("Could not obtain server certificate chain");
return;
}

BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));

System.out.println();
System.out.println("Server sent " + chain.length + " certificate(s):");
System.out.println();
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
MessageDigest md5 = MessageDigest.getInstance("MD5");
for (int i = 0; i < chain.length; i++) {
X509Certificate cert = chain[i];
System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());
System.out.println(" Issuer " + cert.getIssuerDN());
sha1.update(cert.getEncoded());
System.out.println(" sha1 " + toHexString(sha1.digest()));
md5.update(cert.getEncoded());
System.out.println(" md5 " + toHexString(md5.digest()));
System.out.println();
}

System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
String line = reader.readLine().trim();
int k;
try {
k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
} catch (NumberFormatException e) {
System.out.println("KeyStore not changed");
return;
}

X509Certificate cert = chain[k];
String alias = host + "-" + (k + 1);
ks.setCertificateEntry(alias, cert);

OutputStream out = new FileOutputStream("jssecacerts");
ks.store(out, passphrase);
out.close();

System.out.println();
System.out.println(cert);
System.out.println();
System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'");
}

private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

private static String toHexString(byte[] bytes) {
StringBuilder sb = new StringBuilder(bytes.length * 3);
for (int b : bytes) {
b &= 0xff;
sb.append(HEXDIGITS[b >> 4]);
sb.append(HEXDIGITS[b & 15]);
sb.append(' ');
}
return sb.toString();
}

private static class SavingTrustManager implements X509TrustManager {

private final X509TrustManager tm;
private X509Certificate[] chain;

SavingTrustManager(X509TrustManager tm) {
this.tm = tm;
}

public X509Certificate[] getAcceptedIssuers() {
throw new UnsupportedOperationException();
}

public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
throw new UnsupportedOperationException();
}

public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
this.chain = chain;
tm.checkServerTrusted(chain, authType);
}
}

}











注意事項
假設以前爲了別的域名生成過 jssecacerts 文件，如今又要添加其餘域名到 jdk 證書，此時若是你直接從新生成 jssecacerts 文件，而後覆蓋到 %JAVA_HOME%\jre\lib\security 中。則以前的域名信息就會丟失。
基於這種狀況，你須要按以下方法操做：
一、運行 InstallCert 生成 jssecacerts （這步是爲了知道 InstallCert 生成 jssecacerts 的位置）
二、拷貝原來的 %JAVA_HOME%\jre\lib\security\jssecacerts 文件，替換剛剛生成的 jssecacerts 文件
三、再從新運行 InstallCert 將新的域名，追加到 jssecacerts 中
總體來講，其實就是一個追加 host 的過程。

PS：操做以前注意備份，而且 jssecacerts 是一個固定的名字，不要隨意修改。

 

 

執行這個程序以下：

[root@pingfederate apache_sso]# java com.hp.nova.InstallCert 15.31.213.183:443
Loading KeyStore jssecacerts...
Opening connection to 15.31.213.183:443...
Starting SSL handshake...

javax.net.ssl.SSLException: java.lang.UnsupportedOperationException
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1903)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1886)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1402)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at com.hp.nova.InstallCert.main(InstallCert.java:106)
Caused by: java.lang.UnsupportedOperationException
at com.hp.nova.InstallCert$SavingTrustManager.getAcceptedIssuers(InstallCert.java:186)
at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1204)
at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1150)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1092)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
... 2 more

Server sent 1 certificate(s):

1 Subject EMAILADDRESS=admin@hp.com, CN=15.31.213.183, OU=hp, O=hp, L=ChongQing, ST=ChongQing, C=CN
Issuer EMAILADDRESS=hp@admin.con, OU=hp, O=hp, L=ChongQing, ST=ChongQing, C=CN
sha1 6e 08 e3 56 1f d7 79 26 2d 5b eb 7b b9 ea f9 cc a7 e3 47 b5
md5 1a 28 9d aa fa e0 d3 1e 81 d2 b3 90 c3 95 f0 14

Enter certificate to add to trusted keystore or 'q' to quit: [1]

[
[
Version: V3
Subject: EMAILADDRESS=admin@hp.com, CN=15.31.213.183, OU=hp, O=hp, L=ChongQing, ST=ChongQing, C=CN
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 2048 bits
modulus: 21591546345911062373461170751860315252368619783723111217865555929312064469088692537794462901373251403243449300401102406572807843329180083734293996467529974407718854895346533830233082176421442738734562369693357025640288121961040207802965772523020509699022235097469209381003585267783493235383002040908541527219674712508198954116577729554504559917478095500213105390854540427424763781402084916691208691978191389970789236608205900154932681790435889569266788518113274704534848266248701557437114213949408441539820131114978463559070388100190151126361382488763541405718438178110526144445281594172512023107665180529080784277059
public exponent: 65537
Validity: [From: Tue Apr 30 12:35:41 CST 2019,
To: Fri Apr 27 12:35:41 CST 2029]
Issuer: EMAILADDRESS=hp@admin.con, OU=hp, O=hp, L=ChongQing, ST=ChongQing, C=CN
SerialNumber: [ 9dbfc9d0 c79293fc]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]

[2]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
]

[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: localhost
DNSName: hp.example.com
IPAddress: 15.31.213.183
IPAddress: 15.31.213.239
IPAddress: 15.31.213.3
IPAddress: 15.31.213.44
IPAddress: 15.31.213.137
IPAddress: 15.99.72.161
IPAddress: 15.99.72.162
IPAddress: 15.99.72.163
IPAddress: 15.31.213.106
]

]
Algorithm: [SHA256withRSA]
Signature:
0000: 5F 9B D4 FA 08 3C 93 53 A2 07 EB AE C5 C5 BE A1 _....<.S........
0010: 13 DB CA 08 1F 89 8E F3 F9 F4 ED BA 9E 42 5C 63 .............B\c
0020: CB D3 C5 40 14 8B B5 5F FB FD C5 D9 ED 51 85 87 ...@..._.....Q..
0030: 76 FC 60 09 E6 D2 4C 55 09 79 CA 28 7E 5A 7C D7 v.`...LU.y.(.Z..
0040: 61 D8 34 CF D3 10 DC B3 C1 C9 AE E9 CD 64 B0 44 a.4..........d.D
0050: 4D 32 91 0C 1F 9C D4 E5 23 88 03 74 44 C5 51 C3 M2......#..tD.Q.
0060: 24 BD 4D 15 96 E7 12 9B D7 74 B0 E3 3E 89 4E 1A $.M......t..>.N.
0070: D3 EF 63 F9 13 AC 01 D2 8E 8D 2D CB D3 AE 78 18 ..c.......-...x.
0080: EC 1E 7E 1C A5 7E A3 2C E2 A4 EC BA 22 39 BC 28 .......,...."9.(
0090: 40 45 AC 07 41 A9 63 E3 06 2C D0 4C CD A4 50 E8 @E..A.c..,.L..P.
00A0: A8 BE EF 9D 03 3D 4B 1F AA 19 D4 67 9B 35 D4 24 .....=K....g.5.$
00B0: E6 CD 16 FE D2 BC 78 E2 B0 D0 43 A9 81 A4 F6 46 ......x...C....F
00C0: DC 84 74 A0 82 53 4A 29 94 BD 92 6C 1F C2 1F 02 ..t..SJ)...l....
00D0: 24 F8 1F DB 12 EC 10 D7 F2 E2 75 5E 58 F4 5F 34 $.........u^X._4
00E0: BF 76 4D E8 18 EC CA B2 7F 51 E5 F5 7F D6 13 15 .vM......Q......
00F0: 5D 69 69 61 03 AC F7 25 DF 3A F3 9B C3 B8 93 4A ]iia...%.:.....J

]

Added certificate to keystore 'jssecacerts' using alias '15.31.213.183-1'