Like Internet explorer or Firefox , JAVA has its own certificate library through which it checks the authenticity of the SSL Certificate. But you will get a problem if you are using self signed SSL certificate on your server with JAVA application and you will come across this error :
Exception in thread "main" javax.net.ssl.SSLHandshakeException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
There is a trusted CA certificates list in JAVA from where it checks the authenticity of the SSL certificate. If CA SSL certificate is not in that list than you will get above error.
Import or add SSL certificate in JAVA runtime CertStore or Keystore :
There is one file cacerts in JAVA installation directory where all Trusted certificates are kept. You need to add your self-signed certificate into this cacerts file. The location of this file win Windows is :
C:\Program Files (x86)\Java\jre1.8.0_66\lib\security
where jre1.8.0_66 is the version of JAVA which is installed in your system. In my it is jre1.8.0_66 but in your system it may be different. But lib\security folder will be same. In security folder you will find a file name : cacerts .
Now you need to find the exe file name : KEYTOOL.exe in your Java installation bin directory. In my case Keytool.exe is in : C:\Program Files (x86)\Java\jre1.8.0_66\bin
Then you need to open CMD and go to this folder in this way :
In above snip you are seeing that we need to pass argument so that keytool can run.
Now copy your SSL Certificate (.cer file) to BIN folder. You can now add your self-signed certificate into this file by running command in cmd or command prompt of Windows: Note: You must open CMD as “RUN AS ADMINISTRATOR”. Type this command :
keytool -keystore cacerts -importcert -alias self-cert -file YOURCERTIFICATENAME.cer
keytool -keystore cacerts -importcert -alias self-cert -file codepointer.cer
When you put this command and hit enter it will ask for password. Type the password : changeit
Then it will ask for “Trust this certificate?” type yes and hit enter. Finally you will get successful message : “Certificate was added to keystore”. Below snip will give you clear picture how it look like :
Now you are able to use your Java client application with self-signed certificate without getting any error. Hope you enjoy this post.