Based on various web inputs, I have followed the following steps to add certificate to my local jdk keystore:
Downloaded the certificates by hitting the following command from a Linux host: openssl s_client -connect MyService:443 -showcerts
Copied the content between (and including) ------BEGIN CERTIFICATE-------- and --------END CERTIFICATE---------, saved it as C:\Java\jre\lib\security\cer1.cer
Typed: C:\Java\jre\bin>keytool -keystore C:\Java\jre\lib\security\cacerts -importcert -alias cer1 -file C:\Java\jre\lib\security\cer1.cer
This showed a message the certificate added successfully. Which i verified by using list command for keytool
"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
JDK Used: 1.8.0_31, Windows 7
Please help!
If you're using a JDK, adding it to the JRE truststore won't help. You need to add it to the truststore of the JRE that comes inside the JDK.
There were two types of setup where we were able to make it work:
On one machine, the person installing the JDk had done some changes to the folder structure for installing Java and had the following structure: Java/jre/lib/security as well as Java/lib/security. We added certificates to cacerts of Java/lib/security and it started to work
On a second machine, where the user did the default istallation, the following folder structure existed: Java/jre_1.8/lib/security and Java/jdk_1.8/jre/lib/security. We updated cacerts at Java/jre_1.8/lib/security and it started to work (For some reason, updating cacartes at Java/jdk_1.8/jre/lib/security did not work)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With