Reputation: 1044
Based on various web inputs, I have followed the following steps to add certificate to my local jdk keystore:
Downloaded the certificates by hitting the following command from a Linux host: openssl s_client -connect MyService:443 -showcerts
Copied the content between (and including) ------BEGIN CERTIFICATE-------- and --------END CERTIFICATE---------, saved it as C:\Java\jre\lib\security\cer1.cer
Typed: C:\Java\jre\bin>keytool -keystore C:\Java\jre\lib\security\cacerts -importcert -alias cer1 -file C:\Java\jre\lib\security\cer1.cer
This showed a message the certificate added successfully. Which i verified by using list command for keytool
"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
JDK Used: 1.8.0_31, Windows 7
Please help!
Upvotes: 4
Views: 16598
Reputation: 1044
There were two types of setup where we were able to make it work:
On one machine, the person installing the JDk had done some changes to the folder structure for installing Java and had the following structure: Java/jre/lib/security as well as Java/lib/security. We added certificates to cacerts of Java/lib/security and it started to work
On a second machine, where the user did the default istallation, the following folder structure existed: Java/jre_1.8/lib/security and Java/jdk_1.8/jre/lib/security. We updated cacerts at Java/jre_1.8/lib/security and it started to work (For some reason, updating cacartes at Java/jdk_1.8/jre/lib/security did not work)
Upvotes: 1
Reputation: 311039
If you're using a JDK, adding it to the JRE truststore won't help. You need to add it to the truststore of the JRE that comes inside the JDK.
Upvotes: 5