0

I am trying to send an email over SSL, I already have the certificate and I have imported it into my cacerts file. I assumed that by default, java would look for the cacerts file in the java_home, or in the jdk specified for the project. This is not the case and so I set the system property for the keystore and truststore to point to the path where my cacerts is found, I did this in the following way:

System.setProperty("javax.net.ssl.keyStore", JAVA_HOME + "\\jre\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.trustStore",JAVA_HOME + "\\jre\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.keyStorePassword", password);
System.setProperty("javax.net.ssl.trustStorePassword", password);

This doesn't work either, even after specifying the path I keep getting the following error:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I have read numerous posts on here (Stackoverflow) and even other websites and I can't manage to get this to work. Does anyone know why this is happening? Or maybe you can tell me if there are things that I should check before.

Dan Gal
  • 99
  • 3
  • 10
  • I guess it is this folder path `jre\lib\security` instead of `jre\lib\security\cacerts`, where your keyStore and trustStore should point to! – N00b Pr0grammer Sep 07 '16 at 11:38
  • I've tried this and got the following: Caused by: java.io.FileNotFoundException: C:\Program Files\Java\jdk1.8.0_73\jre\lib\security (Access is denied) Could this be due to not having full administrator privileges? – Dan Gal Sep 07 '16 at 11:42
  • Why do you use same file as keystore and truststore ? Also it is not a good place to have this under program files, which will normally need administrator rights to edit. – MrSimpleMind Sep 07 '16 at 11:46
  • To be honest with you, I'm new to this and most examples I saw had the same path for both the trust store and the keystore, is this incorrect? If so, where is the trust store located because I have tried looking that up but most sites simply mention the cacerts file – Dan Gal Sep 07 '16 at 11:48
  • Possible duplicate of [Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?](http://stackoverflow.com/questions/9619030/resolving-javax-net-ssl-sslhandshakeexception-sun-security-validator-validatore) – MrSimpleMind Sep 07 '16 at 11:50
  • From what I'm reading this is the same thing I'm trying to do, specifying the path to my cacerts file. Should the keystore path point to the cacerts or .keystore file? I know this may sound like a dumb question but I've tried various different methods and none of them seem to work – Dan Gal Sep 07 '16 at 11:55
  • I have now done the following: System.setProperty("javax.net.ssl.keyStore", JAVA_HOME+".keystore"); System.setProperty("javax.net.ssl.trustStore", JAVA_HOME+ "jdk1.8.0_73\\jre\\lib\\security"); System.setProperty("javax.net.ssl.keyStorePassword", password); System.setProperty("javax.net.ssl.trustStorePassword", password); and I got the following error: Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty Which apparently means that the truststore was not found – Dan Gal Sep 07 '16 at 12:19
  • How exactly did you import the certificate into your cacerts file? Did you use the [InstallCert](http://www.oracle.com/technetwork/java/javamail/faq/index.html#installcert) program? If you imported it into the JRE's cacerts file, you shouldn't need to specify the trustStore property. If you remove that, what happens? Note that you can completely bypass certificate checking by setting the JavaMail session property [mail.smtp.ssl.trust](https://javamail.java.net/nonav/docs/api/com/sun/mail/smtp/package-summary.html#mail.smtp.ssl.trust). – Bill Shannon Sep 07 '16 at 19:57

0 Answers0