解决minio：unable to find valid certification path to requested target问题

minio 上传文件，改为https并配置好正确的证书后，出现以下问题：

... 113 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
    ... 146 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
    ... 152 common frames omitted

• 获取
  以简书为例，谷歌获取流程：

  
  
  

  以简书为例，火狐获取流程：

  
  
  [图片上传中...(image.png-caa42c-1630322965166-0)]
  
  
  
  

  下载即可。

• 导入
  windows 默认的可信任证书是 %java_home%\jre\lib\security\cacerts
  linux $JAVA_HOME/jre/lib/security

# 进入$JAVA_HOME/jre/lib/security
cd /usr/java/jdk1.8.0_91/jre/lib/security
# 导入证书
keytool -import -alias 证书别名 -keystore cacerts -file  /root/证书.cer # 根据安装位置而定
# 或者
keytool -import -alias 证书别名 -keystore  $JAVA_HOME/jre/lib/security/cacerts -file  /root/证书.cer
# 输入默认密码：changeit 并选择信任:输入 yes 回车
Trust this certificate? [no]:  yes
Certificate was added to keystore

# 查看刚生成证书
keytool -list -keystore cacerts -alias 证书别名
Enter keystore password:
omo, Aug 30, 2021, trustedCertEntry,
Certificate fingerprint (SHA1): 1E:78:F3:BD:13:A7:54:81:F0:32:72:9A:20:9E:4A:F4:AF:2B:3B:3F
# 重启应用即可

• 导出

  # 导出密钥
  keytool -export  -alias 证书别名 -keystore  cacerts -file /root/证书.cer -storepass changeit
  Certificate stored in file </root/证书.cer>
  

• 2.更新

  # 先删除原来的证书，然后导入新的证书
  keytool -list -keystore cacerts   # 全部查看
  keytool -list -keystore cacerts -alias 证书别名 # 只查别名
  keytool -delete -alias 证书别名 -keystore cacerts
  keytool -import -alias 证书别名 -file 证书.cer -keystore cacerts -trustcacerts # 注意路径问题