Issue with CACERTS IntelliJ + Gradle

Question

I currently am running some REST calls behind a proxy, so I need to follow some strict processes in order for the calls to go through.

Previously I was building in Eclipse for a POC, but now that I know it works, I am trying to transfer it over to IntelliJ (Personal favorite IDEA) along with Gradle for the build automation.

I got the project to compile, export all the dependencies, etc... but when I run it IN IntelliJ I get a "Cert not found error". On a side note however, if I execute the compiled Jar file (from gradle) using "java-jar MyJar.jar", it runs perfectly and doesn't throw the cert error. The kicker here is, if I execute the Jar using JUST the gradle task outside of IntelliJ it works, but if I try to execute the task right after the build in IntelliJ it fails.

Works:

Executing the jar created from Gradle build task manually VIA CLI
Executing the gradle task below using "gradle runMain" VIA CLI

Doesn't work: - Executing the build task within IntelliJ and calling "runMain" at the end of the build task

My current theory, is that running it via java -jar and gradle runMain, causes the JVM to use the default cacerts "/jre_xxx/libs/security/cacerts" (where I already added the certificate) but when I execute the Jar within IntelliJ with Gradle, it uses a different location. I've also added the cert to "C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2018.1.5\jre64\lib\security\cacerts" as well but I still recieved this eror while running it in IntelliJ.

task(runMain, dependsOn: 'classes', type: JavaExec) {
     main = 'com.xxx.xx.x.Utopia'
     classpath = sourceSets.main.runtimeClasspath
     args=[
             "-Djavax.net.ssl.trustStore=C:\\ProgramFiles\\Java\\jre1.8.0_121\\lib\\security\\cacerts"
     ]
 }

Running this VIA CLI seems to work but never with the Gradle build task within IntelliJ.

Any help would be greatly appreciated.

EDIT: The error that I get ONLY while running it within IntelliJ (PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

I already downloaded and installed the root cert using the java keytool and used key explorer to verify that it is indeed there. Basically it works outside of IntelliJ, but if I try to run the gradle (build or runMain) within InteillJ, I get the certificate error which makes me think IntelliJ isn't using the correct cacerts. — 97WaterPolo, Jul 10 '18 at 18:48
I have an email from JetBrains support that suggests topmost certificate is the issue. IntelliJ will do it properly if you have the correct cert. I had this issue with Gradle b/c I didn't have the topmost cert. Click on certificate path instead of detail copy to file. — duffymo, Jul 10 '18 at 19:25
Do you recommend that I add the topmost cert to the default Java CACERT (jre_xxx/lib/security) or should I add it to the IntelliJ at IntelliJ/jre64/lib/security.cacert? — 97WaterPolo, Jul 10 '18 at 19:59
EDIT: I added the topmost cert, I obtained the highest tree value and added it to both of the cacerts yet I am still receiving the exact same issue. — 97WaterPolo, Jul 10 '18 at 20:05

score 13 · Accepted Answer · answered Jul 11 '18 at 16:09

13

After contacting JetBrains support with my issue, I was made aware of the problem. Logically I was under the assumption that the JRE would execute the JAR file, this is ONLY the case when running java -jar my.jar or executing Gradle from CLI. The way IntelliJ works is that it solely uses the JDK, so I had to modify the small JRE that was within the JDK. Once I did that and added it to the CACERTS found within my jdk.xxx/jre/lib/security/cacerts, I was able to resolve this issue.

https://youtrack.jetbrains.com/issue/IDEA-195428

answered Jul 11 '18 at 16:09

97WaterPolo

375
1
3
24

Thanks a lot, i don't know why its only 1 upvote. This saved me tons of time. – prakharjain Mar 13 '19 at 07:05
Using the "Choose Runtime" to select a custome runtime (with preloaded certs) doesn't work for me since, when i do, the intellij preferences dialog wont work. I wish there was a "intellij cacerts" plugin. Wouldn't that be awesome? – djangofan Aug 03 '21 at 20:04

score 1 · Answer 2 · answered Nov 11 '20 at 05:28

1

In case anyone comes across this issue as well. I had added my certs to the JDK store and ensured IntelliJ was using the JDK however it would still fail when trying to download JARs. Turned out I had to kill the gradle deamon running in the background as it was persisting between IntelliJ restarts. I'm on windows so ps java | kill worked in Powershell. pkill java will work in Linux.

answered Nov 11 '20 at 05:28

Chris

349
2
9

This worked for me! I killed the daemon using `gradle --stop` – Shawn Wonsmos Mar 30 '22 at 19:37

score 0 · Answer 3 · answered Oct 17 '19 at 11:48

0

Ok.. sometimes this could be very minute thing which we tend to overlook is to always use the cacerts file path from your jdk>jre>lib>security folder in to you gradle VMOptions settings.

answered Oct 17 '19 at 11:48

Satyam Jain

11
2

score 0 · Answer 4 · answered Aug 03 '21 at 20:19

0

Use the built-in IntelliJ-IDEA plugin to trust custom certs:

https://www.jetbrains.com/help/idea/settings-tools-server-certificates.html

answered Aug 03 '21 at 20:19

djangofan

28,471
61
196
289

Issue with CACERTS IntelliJ + Gradle

4 Answers4