How to import a certificate into the Java trust store

When a Java application accesses a server that uses an invalid or self-signed certificate, you may get the exception below:

 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135)

To make Java trust such a certificate, you must manually import it into the Java trust store. This post shows how to do that. By default, Java looks up the trust store at $JAVA_HOME/jre/lib/security/cacerts, so you must import the certificate you need to trust into that keystore with the keytool utility that ships with Java, using the syntax below:

# change the current directory to $JAVA_HOME/jre/lib/security (the directory that contains the cacerts file)
# the default password of the cacerts file is changeit
# on Linux you may prefer to omit the -storepass option and enter the password directly on the console
keytool -import -alias ca -file path_and_cert_name.cer -keystore cacerts -storepass changeit
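
Anything imported into cacerts is trusted by every application on that JVM, so check the certificate's fingerprint first. This wrapper is an added example, not part of the original post: it imports only when the file's SHA-256 fingerprint matches one you obtained out of band. The function names and the script name are hypothetical, and it assumes a keytool whose -printcert output includes a "SHA256:" line.

```shell
#!/bin/sh
# Added example: verify a certificate's SHA-256 fingerprint, then import it.
# The expected fingerprint must come from a trusted out-of-band source (assumption).

# Normalize a fingerprint: drop colons and whitespace, uppercase the hex digits.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Succeed only if both values are the same 64-hex-digit SHA-256 fingerprint.
fp_matches() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    case "$a" in
        *[!0-9A-F]*) return 1 ;;
    esac
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# Extract the SHA-256 fingerprint from `keytool -printcert` output on stdin.
extract_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# import_if_trusted CERT_FILE ALIAS EXPECTED_FP [KEYSTORE]
import_if_trusted() {
    cert=$1; entry=$2; expected=$3
    store=${4:-"$JAVA_HOME/jre/lib/security/cacerts"}
    actual=$(keytool -printcert -file "$cert" | extract_sha256)
    if ! fp_matches "$expected" "$actual"; then
        echo "fingerprint mismatch for $cert, not importing" >&2
        return 1
    fi
    # No -storepass here: keytool prompts for the password on the console,
    # which keeps it out of the shell history and the process list.
    keytool -importcert -noprompt -alias "$entry" -file "$cert" -keystore "$store" &&
        keytool -list -alias "$entry" -keystore "$store"
}

# Run only when called with arguments, for example:
#   sh import-cert.sh path_and_cert_name.cer ca "<expected SHA-256 fingerprint>"
if [ "$#" -ge 3 ]; then
    import_if_trusted "$@"
fi
```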

 
