java procedure to accessing https service using jks file

Question

1. Java code to call a remote web service with JKS file.

2. How to access authorized service using certificate. and added please define java keystore. I am very new these processes. I am getting following error while trying related to this

   cause javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
   PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException
   

I am struggling for last one month. Please anyone do the needful. Forgive me for grammatical mistake.

Answer 1

First you need to obtain the public certificate from the server you're trying to connect to. That can be done in a variety of ways, such as contacting the server admin and asking for it, using openssl to download it, or, if it is an HTTP server, connecting to it with any browser, viewing the page's security info, and saving a copy of the certificate. (Google should be able to tell you exactly what to do for your specific browser.)

Now that you have the certificate saved in a file, you need to add it to your JVM's trust store. At $JAVA_HOME/jre/lib/security/ for JDKs or $JAVA_HOME/lib/security for JREs, there's a file named cacerts, which comes with Java and contains the public certificates of the well-known Certifying Authorities. To import the new cert, run keytool as a user who has permission to write to cacerts:

keytool -import -file <the cert file> -alias <some meaningful name> -keystore <path to cacerts file>

It will most likely ask you for a password. The default password as shipped with java is "changeit". Almost nobody changes it. After you complete these relatively simple steps, you'll be communicating securely and with assurance that you're talking to the right server and only the right server (as long as they don't lose their private key).