Importing Site Certificate Into Java Runtime Certificate Store

Posted By : Kamaldeep Singh | 31-Dec-2017
Hi guys,
We have all faced problems connecting to a server that has an invalid self-signed SSL certificate, which results in the application throwing errors like the following:
 
SunCertPathBuilderException occurred when processing request: [GET] /requestURL - parameters:
unable to find valid certification path to requested target. Stacktrace follows:
Message: unable to find valid certification path to requested target
OR
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Hence, to make your Java runtime environment trust the certificate, you need to import it into the JRE certificate store explicitly. In this blog post I will show you how to do this on your system.
 
  • Step 1 - Extract the connecting site certificate from your browser. 
In the Google Chrome browser, open the site and press F12. Navigate to the "Security" tab and click on "View certificate".
A pop-up window will open showing the "General" details of the certificate. Click on the "Details" tab; at the bottom you will find the "Export" option. Click on Export. A save dialog will open asking for the location to save to. Make sure to select the "DER-Encoding" format before you click Save.
 
  • Step 2 - Import the certificate into the Java Key Store
Now that we have extracted the certificate and saved it on the system, the next step is to import it into the Java key store. Make sure you have write access to your JRE, and use the keytool utility to do the import on Ubuntu. In my case the JRE is installed at the following location:
 
/usr/lib/jvm/jdk1.7.0_80
 
Hence the certificate store file to which we have to add the extracted certificate is located at:
 
/usr/lib/jvm/jdk1.7.0_80/jre/lib/security/cacerts
 
Now, to import the certificate into the key store, use the following command:
 
keytool -import -alias test_certificate -keystore /usr/lib/jvm/jdk1.7.0_80/jre/lib/security/cacerts -file /home/kamaldeep/Desktop/test.site.com
 
Where:
test_certificate : is the unique alias name that denotes the imported certificate
/usr/lib/jvm/jdk1.7.0_80/jre/lib/security/cacerts : is the location of the Java default certificate store
/home/kamaldeep/Desktop/test.site.com : is the location of the extracted certificate.
 
You will be prompted for the keystore password, which is changeit by default.
 
  • Step 3 - Import the certificate into the Java application
Before you make any connections from your Java application, you may also need to point the application at the certificate store explicitly by setting the system properties in the following manner:
 
System.setProperty("javax.net.ssl.trustStore", "/usr/lib/jvm/jdk1.7.0_80/jre/lib/security/cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
 
That's all we have to do to resolve the error.
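
A check worth doing around Step 2, as an added example that is not part of the original post: compare the exported file's SHA-256 fingerprint with one obtained from the server's operator before importing it, and import into a trust store path of your choosing. The function names are hypothetical, and the throwaway certificate from make_demo_cert is constructed sample input standing in for the Step 1 export.

```shell
# Added example (not from the original post). Helper names are hypothetical.
# Assumes keytool is on PATH and the expected fingerprint was obtained out of band.

# Constructed sample input: a throwaway self-signed certificate exported as DER,
# standing in for the file saved from the browser in Step 1.
make_demo_cert() {  # usage: make_demo_cert OUT_DIR  (writes OUT_DIR/site.der)
    keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 -validity 1 \
        -dname "CN=test.site.com" -keystore "$1/demo.p12" -storetype PKCS12 \
        -storepass changeit -keypass changeit >/dev/null 2>&1 &&
    keytool -exportcert -alias demo -keystore "$1/demo.p12" -storetype PKCS12 \
        -storepass changeit -file "$1/site.der" >/dev/null 2>&1
}

# Print the SHA-256 fingerprint of a certificate file as bare upper-case hex.
cert_sha256() {
    keytool -printcert -file "$1" 2>/dev/null |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1 |
        tr -d ':[:space:]' | tr 'a-f' 'A-F'
}

# usage: import_verified CERT_FILE TRUSTSTORE ALIAS EXPECTED_SHA256 [STOREPASS]
# Returns 0 after a successful import, 2 on fingerprint mismatch, 3 if the
# file is not a readable certificate. Nothing is imported unless the check passes.
import_verified() {
    iv_actual=$(cert_sha256 "$1")
    iv_expected=$(printf '%s' "$4" | tr -d ':[:space:]' | tr 'a-f' 'A-F')
    [ -n "$iv_actual" ] || { echo "not a readable certificate: $1" >&2; return 3; }
    if [ "$iv_actual" != "$iv_expected" ]; then
        echo "fingerprint mismatch for $1: got $iv_actual" >&2
        return 2
    fi
    keytool -importcert -noprompt -alias "$3" -file "$1" \
        -keystore "$2" -storepass "${5:-changeit}" >/dev/null 2>&1
}

# usage: is_trusted TRUSTSTORE ALIAS [STOREPASS]  (exit status 0 if the alias exists)
is_trusted() {
    keytool -list -alias "$2" -keystore "$1" -storepass "${3:-changeit}" >/dev/null 2>&1
}
```

If the trust store passed to import_verified is a dedicated file rather than the JRE's cacerts, the javax.net.ssl.trustStore property from Step 3 can point at it; the application then trusts only the certificates in that file.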
