Posts tagged jssecacerts

How to add a trusted root certificate to your Java Keystore

Had a small issue with a few Java apps that I run. The apps connect to MS Exchange and download attachments from emails, send out emails, create calendar entries, etc.

The problem was that this past weekend I updated my Exchange certs to use my Microsoft Certificate Server certs, which, of course, is not part of the default “Trusted Root Cert keystore”, so I had to add it.

To add your MS root cert, follow these steps (by the way, this will work with any other 3rd-party CA certs):

  1. Point your browser to your root certificate server
  2. Click on the link “Download a CA certificate, certificate chain, or CRL”
  3. Download the CA cert (DER format is fine)
    (I saved the CA certificate as “C:\certnew.cer”; remember the location because you will need it for the import command)
  4. Open up a command window and type the following command

    C:\Java\jre1.5.0_06\bin\keytool.exe -import -keystore C:\Java\jre1.5.0_06\lib\security\cacerts -file "C:\certnew.cer"

    When it prompts for a password, enter your keystore password (note that in this example I'm using the default password for Java keystores, which is “changeit”)

    The output of the command should look like this

  5. Test out your Java application now. You should be OK with certificates signed by your Microsoft Root Certificate Server from now on.

Solving the “PKIX path building failed” Error

PKIX path building failed: unable to find valid certification path to requested target

If you are here, it is because you got the error above and you are trying to figure out why, and how to solve it…

Well, I'm here to help you get it solved fast so you can get back to whatever it is you were doing before you looked this up 🙂

  1. Get a copy of the .cer file, either right from the server you are trying to access, or by installing it to your machine then exporting it
  2. Get Portecle and run it
  3. From inside Portecle, click on “Open Keystore File” and find the cacerts file for your Java installation (in my case it is C:\Program Files\Java\jre1.6.0_07\lib\security\cacerts)
  4. When prompted for a password, it will probably be one of the defaults; I used “changeit”
  5. Click on “Import Trusted Certificate”, find the .cer file from step 1, add it, and agree to everything (especially if it's a self-signed cert)
  6. Hit the save button, and voila, you're SSL'ing away

Note: If you have a jssecacerts file in your security folder, Java will always look at the jssecacerts file first and ignore your cacerts file, so you must get rid of the jssecacerts file before Java will look at cacerts.
