0
votes

I am facing this problem with PKIX path build failure; this is what I have tried...

  1. I went to the target URL that I am trying to reach

     (e.g. https://localdevchannel.master.info/Gate/CustomerManagement/rest/resources/search)

     I clicked on the "LOCK" icon and exported the certificate.

  2. I ran the command below...

    keytool -importcert -file sec.cer -storepass changeit -keystore "C:/Program Files/Java/jdk-11.0.2/jdk-11.0.2/lib/security/cacerts" -alias secCert

  3. The certificate got placed successfully. But I am still facing this issue. Please help: what did I do wrong?

    javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    

1 Answers

1
votes

ok,

You get this exception if your certificate is expired, or does not exist in your store, or you updated one cacerts file and your Java and/or app is looking at/using another.

1- Inspect your cacert file to actually see if the CERT has been added with its alias there.

From inside your JDK/jre/bin, you can find keytool.exe. You can call it like below to read the cacerts file:

    susan@SE-00018098 /c/Program Files/Java/jdk1.7.0_80/jre/bin

    $ keytool.exe -list -keystore ../lib/security/cacerts
    Enter keystore password:
    Keystore type: jks
    Keystore provider: SUN

    Your keystore contains 92 entries

    digicertassuredidrootca, 2008-apr-16, trustedCertEntry,
    Certificate fingerprint (SHA1): 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
    trustcenterclass2caii, 2008-apr-29, trustedCertEntry,
    Certificate fingerprint (SHA1): AE:50:83:ED:7C:F4:5C:BC:8F:61:C6:21:FE:68:5D:79:42:21:15:6E
    thawtepremiumserverca, 2009-dec-11, trustedCertEntry,
    Certificate fingerprint (SHA1): E0:AB:05:94:20:72:54:93:05:60:62:02:36:70:F7:CD:2E:FC:66:66
    swisssignplatinumg2ca, 2008-okt-31, trustedCertEntry,

2- If it is, is it expired? Check the date.

3- Confirm whether your app/Java runtime is using the cacerts file you just updated. (Do you have multiple Java versions installed? What is your Java_home?)

======== Edited

If the certificate exists, and it is not expired, and you are 100% sure it is the right certificate, then probably your application or container is not looking at the cacerts file.

Try the hack below. I consider this a hack, as you are hardcoding a path that may or may not exist when you deploy on a different server.

There are many ways of creating your own truststore and keystore and having those in the app itself; then you can incorporate them in your code, but try it just to see if the rest of the code works.

Set the system property before your https connection code:

    System.setProperty("javax.net.ssl.trustStore", "java_home_path/jre/lib/security/cacerts");

Replace with the correct path to the cacerts file and try.
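
The three checks in the answer above (is the alias in the store, is the certificate expired, which cacerts file the runtime actually reads) can be run from inside the JVM itself. This is an added example, not part of the original answer; the class name `TrustStoreCheck` is hypothetical, and the default alias `secCert` and password `changeit` are taken from the question.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;

// Added diagnostic (hypothetical class name). Run it with the same java
// binary and the same -D options as the failing application.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        String alias = args.length > 0 ? args[0] : "secCert";     // alias from the question
        String password = args.length > 1 ? args[1] : "changeit"; // password from the question

        String javaHome = System.getProperty("java.home");
        System.out.println("java.home = " + javaHome);

        // JSSE default lookup order: the javax.net.ssl.trustStore property,
        // then lib/security/jssecacerts if it exists, then lib/security/cacerts.
        String override = System.getProperty("javax.net.ssl.trustStore");
        File sec = new File(javaHome, "lib/security");
        File jsse = new File(sec, "jssecacerts");
        File store = override != null ? new File(override)
                   : jsse.isFile() ? jsse : new File(sec, "cacerts");
        System.out.println("trust store in use = " + store.getAbsolutePath());

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(store)) {
            ks.load(in, password.toCharArray());
        }
        System.out.println("entries = " + ks.size());

        Certificate cert = ks.getCertificate(alias);
        if (cert == null) {
            System.out.println("alias '" + alias + "' is NOT in this store");
            return;
        }
        if (cert instanceof X509Certificate) {
            X509Certificate x509 = (X509Certificate) cert;
            System.out.println("subject  = " + x509.getSubjectX500Principal());
            System.out.println("issuer   = " + x509.getIssuerX500Principal());
            System.out.println("notAfter = " + x509.getNotAfter());
            System.out.println("expired  = " + x509.getNotAfter().before(new Date()));
        }
    }
}
```

If the printed trust store path differs from the file passed to `keytool -importcert`, the import went into a store this runtime never reads. An application that builds its own `SSLContext` with a custom trust manager does not use this default lookup, so that case has to be checked in the application code.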