I am attempting to connect to a REST service through https (SSL) and it wasn't working. The error is PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. I traced the problem down to the fact that the Certificate Authority, a place called www.identrust.com, has not been added to the default list of trusted authorities in the JRE's default keystore. See "Will the cross root cover trust by the default list in the JDK/JRE?" or "Which browsers and operating systems support Let’s Encrypt".
I have seen a few suggested solutions such as ignoring authentication (Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target), or importing the certificate into the JRE keystore (“unable to find valid certification path to requested target”, but browser says it's OK), but what I want to do is have my Java SE application successfully connect with SSL to sites that have certificates from www.identrust.com, as well as any other valid sites. In other words, I don't want to change the JRE keystore with every JDK update and I don't want to ignore the certificate.
I can get identrust's certificate from their website (Certificate Chain Download Instructions), so how do I add it into the "chain of trust" for my application?