Anantha Raju C

Photo by Max Harlynking / Unsplash

Adding SSL Certificate to Java KeyStore

Java Jun 29, 2021

This post briefly documents the process of adding a URLs security certificate to Java KeyStore to mitigate the error of “PKIX path building failed” and “unable to find valid certification path to requested target” errors.

Example Issue on StackOverflow

"PKIX path building failed" and "unable to find valid certification path to requested target".

Minimum Software Requirements

  • Java
  • Web Browser (Chrome, Firefox, etc.,)

Sample Scenario

We will be using https://stackoverflow.com/ as the resource from which we will be exporting the security certificate and adding to the Java KeyStore on our local machine from which we would like to access the URL/API programmatically.

Replace https://stackoverflow.com/ URL with any other URL you are encountering certification errors with.

Process to export the security certificate

1. Access Certificate Details:

  • Click on the green lock icon in the URL bar of the web browser
  • Click on Certificate option in the drop-down list.

1-green-lock-icon

  1. View Certificate Details
  • Navigate to the Details tab

3. Export Certificate:

  • Click on the Copy to file button

4. Certificate Export Wizard

  • Click on Next button.

5. Select Export Format:

  • Select the Base-64 encoded X.509 (.CER) format radio button option and click on Next button.

6. Save Certificate:

  • Click on the browse option and navigate to the location (folder) where you'd like the file to be saved, enter a desired file name and Click on Next button.

7. Review Settings:

  • Settings of the certificate being exported is presented to you for review. Click on the Finish button to complete the certificate export process.

8. Certificate Saved:

  • Finally, the certificate will be saved in the selected location.

Process to add the exported security certificate to Java KeyStore

  1. Open command prompt as Administrator
  2. Navigate to the location were the certificate was exported to.
  3. Issue the following command,
  • Use the keytool command to import the certificate

keytool -import -alias stackoverflow -keystore "C:\Program Files\Java\jre1.8.0_25\lib\security\cacerts" -file stackoverflow.cer

  • When prompted, enter the keystore password: changeit.
  • When Prompted with the question Trust this certificate? [no]:, type yes
  1. Restart the machine for the changes to take into effect.

Additional Resources

KeyStore Explorer

By following these steps, you should be able to add any SSL certificate to your Java KeyStore, ensuring seamless connectivity for your Java applications.

Tags

Anantha Raju C

| Poetry | Music | Cinema | Books | Visual Art | Software Engineering |

Recommended for you