Tag Archives: certificate

how to import certificate into java trust store

When using Java application to access server that using invalid certificate or self-signed certificate, you maybe will get below exception:

 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135)

To make Java trust those certificate we must manual import that cert into java trust store. In this post i will guide you how to import certificate into trust store. In default Java lookup trust store in $JAVA_HOME/jre/lib/security/cacerts. So you must import certificate that you need to trust to that keystrore using keytool utility that ship with Java using below syntax

#move currency directory to $JAVA_HOME/jre/lib/security/cacerts
# default password of cacerts file is changeit
# in linux maybe you should not use -storepass option and enter direct on console
keytool -import -alias ca -file path_and_cert_name.cer -keystore cacerts –storepass changeit

 

how to get certificate from a https site

When integration with third party using HttpsURLConnection in java you usually get following issue if your third party use self signed certificate:

 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This issue happen cause java cannot verify that certificate and you must import it manual to trust store so java can trust site. But how you can get that certificate? In this post i will guide you how to get certificate from a https site. Continue reading how to get certificate from a https site