added certificate to java keystore, still error

Question

Based on various web inputs, I have followed the following steps to add certificate to my local jdk keystore:

1. Downloaded the certificates by hitting the following command from a Linux host: openssl s_client -connect MyService:443 -showcerts

2. Copied the content between (and including) ------BEGIN CERTIFICATE-------- and --------END CERTIFICATE---------, saved it as C:\Java\jre\lib\security\cer1.cer

3. Typed: C:\Java\jre\bin>keytool -keystore C:\Java\jre\lib\security\cacerts -importcert -alias cer1 -file C:\Java\jre\lib\security\cer1.cer

This showed a message the certificate added successfully. Which i verified by using list command for keytool

4. Then i restarted my machine, and tried to run my Java program again, but still keep getting error:

"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

JDK Used: 1.8.0_31, Windows 7

Please help!

Answer 1

There were two types of setup where we were able to make it work:

1. On one machine, the person installing the JDk had done some changes to the folder structure for installing Java and had the following structure: Java/jre/lib/security as well as Java/lib/security. We added certificates to cacerts of Java/lib/security and it started to work

2. On a second machine, where the user did the default istallation, the following folder structure existed: Java/jre_1.8/lib/security and Java/jdk_1.8/jre/lib/security. We updated cacerts at Java/jre_1.8/lib/security and it started to work (For some reason, updating cacartes at Java/jdk_1.8/jre/lib/security did not work)

Answer 2

If you're using a JDK, adding it to the JRE truststore won't help. You need to add it to the truststore of the JRE that comes inside the JDK.