Trying to connect to an external SOAP service from AWS Lambda, but getting the below exception.
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I was getting the same exception when I tried to call the service from my local environment. It got resolved after importing the security cert into the jre/lib/security folder using the keytool command.
How do I import the external security cert in AWS to resolve the exception?
I've gone through the below link.
Note: I have the certificate from the browser but I don't have the private key.
This is how I solved this:
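    import java.io.File;
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.nio.charset.StandardCharsets;
    import java.security.KeyStore;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateFactory;
    import org.apache.commons.io.IOUtils;

    // locate the default truststore (parentheses so replace() applies to the whole path)
    String filename = (System.getProperty("java.home") + "/lib/security/cacerts").replace('/', File.separatorChar);
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (FileInputStream fis = new FileInputStream(filename)) {
        // "changeit" is the default password of the JRE cacerts file
        keystore.load(fis, "changeit".toCharArray());
    }
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // input stream to the cert; CA_CERT is the PEM text of the certificate, defined elsewhere
    Certificate caCert = cf.generateCertificate(IOUtils.toInputStream(CA_CERT, StandardCharsets.UTF_8));
    keystore.setCertificateEntry("ca-cert", caCert);
    // can only save to /tmp from a lambda
    String certPath = "/tmp/CustomTruststore";
    try (FileOutputStream out = new FileOutputStream(certPath)) {
        keystore.store(out, "MyPass".toCharArray());
    }
    // point the JVM-wide default truststore at the merged copy
    System.setProperty("javax.net.ssl.trustStore", certPath);
    System.setProperty("javax.net.ssl.trustStorePassword", "MyPass");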