Adding SSL Certificate to Java KeyStore
This post briefly documents the process of adding a URLs security certificate to Java KeyStore to mitigate the error of “PKIX path building failed” and “unable to find valid certification path to requested target” errors.
Example issue filed on StackOverflow.
Minimum Software Requirements
- Java
- Web Browser (Chrome, Firefox, etc.,)
Sample Scenario
We will be using https://stackoverflow.com/ as the resource from which we will be exporting the security certificate and adding to the Java KeyStore on our local machine from which we would like to access the URL/API programmatically.
Replace https://stackoverflow.com/ URL with any other URL with which you're facing the certification error.
Process to export the security certificate
Click on the green lock icon in the URL bar of the web browser and click on Certificate option in the drop-down list.
Click on Details tab.
Click on Copy to file button.
Click on Next button.
Select the Base-64 encoded X.509 (.CER) format radio button option and click on Next button.
Click on the browse option and navigate to the location (folder) where you'd like the file to be saved, enter a desired file name and Click on Next button.
Settings of the certificate being exported is presented to you for review. Click on the Finish button to complete the certificate export process.
Finally, the certificate will be saved in the selected location.
Process to add the exported security certificate to Java KeyStore
Open command prompt as Administrator and navigate to the location were the certificate was exported to.
Issue the following command,
keytool -import -alias stackoverflow -keystore "C:\Program Files\Java\jre1.8.0_25\lib\security\cacerts" -file stackoverflow.cer
Enter the keystore password as changeit
When Prompted with the question Trust this certificate? [no]:, type yes
Restart the machine for the changes to take into effect.