This blog will discuss how to Import Public Certificates into Java’s trustStore.
When a server changed its HTTPS SSL certificate, our older version of Java did not recognize the root certificate authority (CA). and got the below error.
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
To Fix Problem
We need to Import the root certificate of a certificate authority (CA who signs or generates the HTTPS/SSL certificate for the website ) in Java trustStore which is in
We can get the root certificate in two ways.
- Export from a browser.
- using OpenSSL in the Command Line.
Suppose we are getting SSLHandshakeException while connecting the www.google.com
Export from a browser like Chrome.
Export Using OpenSSL in the Command Line
For OpenSSL on Windows CheckOut this Url
Import the .crt or .pem file in the Java trustStore using Java keytool
Change the alias in the below command before executing.
/jre/bin/keytool -importcert -cacerts -noprompt -alias <alias> -file certificate.pem -storepass changeit
The default password for this trust store is ‘changeit’
Done. Now you can restart your Java Application.
Java SSL Tools
For doing in an easy way you can use java-ssl-tools (jssl)
To ping, install, or uninstall the certificate.