How can I add a server certificate to my local trusted Java key store?

Question

I've written Java client to access a securely-served Web service, however the certificate used by the Web service host is not issued by certification authority, but a self signed or issued by a private CMS. I get the following error:

PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target

Use `keytool`. See [related questions][1]. [1]: http://stackoverflow.com/questions/3685548/java-keytool-easy-way-to-add-server-cert-from-url-port — matt b, Sep 07 '12 at 00:44
As an alternative, if you're using Apache's HttpClient, they offer [EasySSLProtocolSocketFactory](http://svn.apache.org/viewvc/httpcomponents/oac.hc3x/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java) to accept self-signed certificates. — asgs, Sep 07 '12 at 01:09

Charith De Silva · Answer 1 · 2012-09-07T01:05:56.623

2

use this class

https://confluence.atlassian.com/download/attachments/180292346/InstallCert.java?version=1&modificationDate=1315453596921

issue this command Java InstallCert “yourserver:sslport”

ex Java InstallCert “chades:8443”

Also don't forget to copy your jssecacerts file to following directory

Java home/jre[version_number]/lib/security

edited Sep 07 '12 at 01:05

answered Sep 07 '12 at 00:54

Charith De Silva

3,650
4
43
47

How can I add a server certificate to my local trusted Java key store?

1 Answers1