PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed

发布日期 2023-11-22 23:11:37 已于 2023-11-22 23:13:01 修改

今天在JetLinks物联网平台中发现RocketMQ消息无法被消费者消费处理,首先想到的是进入rocket-mq程序部署位置查看日志输出:

2023-11-22 09:35:13.881  INFO 19181 --- [MessageThread_2] com.xxx.listener.RocketMQMsgListener  : consumeThread=ConsumeMessageThread_2,topic=topic-device-message,queueId=1,tags=1551381479428898816,content:{"headers":{"productId":"windflow","deviceName":"风机001","orgId":"1551381479428898816"},"messageType":"OFFLINE","deviceId":"windflow001","timestamp":1700616913806}
2023-11-22 09:35:14.170 ERROR 19181 --- [MessageThread_2] com.xxx.listener.RocketMQMsgListener  : sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed

看到以上日志输出,有一段关键的信息:

PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed

这段关键信息意思是消费者监听消费消息过程中出现了证书验证失败的问题,那么具体代码位置指向的就是com.xxx.listener.RocketMQMsgListener这个类,进入这个类中查看程序,果然有调用外部物联网平台的接口如下:

然后查看该接口对应的域名发现证书确实已经过期:

现在基本已经确定消费者监听处理程序无法正常消费处理消息的原因就在这里,那么现在只需要进入服务器归属的厂商平台进行域名证书更换续期即可,续期完成以后,再查看日志就可以正常消费处理消息了:

2023-11-22 16:01:43.160  INFO 19181 --- [MessageThread_5] a.r.s.s.DefaultRocketMQListenerContainer : consume 0A15E17C4B8F238E0D816F960574000C cost: 383 ms
年末感恩回馈