added certificate to java keystore, still error

1
votes

Based on various web inputs, I have followed the following steps to add certificate to my local jdk keystore:

  1. Downloaded the certificates by hitting the following command from a Linux host: openssl s_client -connect MyService:443 -showcerts

  2. Copied the content between (and including) ------BEGIN CERTIFICATE-------- and --------END CERTIFICATE---------, saved it as C:\Java\jre\lib\security\cer1.cer

  3. Typed: C:\Java\jre\bin>keytool -keystore C:\Java\jre\lib\security\cacerts -importcert -alias cer1 -file C:\Java\jre\lib\security\cer1.cer

This showed a message the certificate added successfully. Which i verified by using list command for keytool

  1. Then i restarted my machine, and tried to run my Java program again, but still keep getting error:

"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

JDK Used: 1.8.0_31, Windows 7

Please help!

2
javasecurityssl

2 Answers

4
votes

If you're using a JDK, adding it to the JRE truststore won't help. You need to add it to the truststore of the JRE that comes inside the JDK.

1
votes

There were two types of setup where we were able to make it work:

  1. On one machine, the person installing the JDk had done some changes to the folder structure for installing Java and had the following structure: Java/jre/lib/security as well as Java/lib/security. We added certificates to cacerts of Java/lib/security and it started to work

  2. On a second machine, where the user did the default istallation, the following folder structure existed: Java/jre_1.8/lib/security and Java/jdk_1.8/jre/lib/security. We updated cacerts at Java/jre_1.8/lib/security and it started to work (For some reason, updating cacartes at Java/jdk_1.8/jre/lib/security did not work)