Solved

JAVA  programmatically load the trust KeyStore file when making the ssl context for HTTPS

Posted on 2014-03-26
10
2,985 Views
Last Modified: 2014-04-03
Using Java code, how to  programmatically load the trust keystore file when making the ssl context
Any insights are highly appreciated.
0
Comment
Question by:AKHILKARTHIK
  • 6
  • 4
10 Comments
 
LVL 86

Expert Comment

by:CEHJ
Comment Utility
0
 

Author Comment

by:AKHILKARTHIK
Comment Utility
What is this error mean? And how to add the certs programmatically using JAVA to call HTTPS url. I am using HttpsURLConnection to open the HTTPS call.

Exception caught while calling the HTTPS connection::javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not                         build a valid CertPath.; internal cause is:
                              java.security.cert.CertPathValidatorException: The certificate issued by CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net is not trusted; internal cause is:
                              java.security.cert.CertPathValidatorException: Certificate chaining error
0
 
LVL 86

Accepted Solution

by:
CEHJ earned 500 total points
Comment Utility
Make sure Entrust.net is definitely in your JRE's list of CAs. What OS are you using?
0
 

Author Comment

by:AKHILKARTHIK
Comment Utility
So does this mean it is failing because of missing proper certficate chains on servers to trust SSL connection? We are using Websphere and operating system is unix. any idea how programmatically load that keystore and trust that certs when making the ssl context.
0
 
LVL 86

Expert Comment

by:CEHJ
Comment Utility
Try the below (JAVA_HOME will need to have been set [it should be])
echo 'changeit' | keytool -list -v -keystore $(find $JAVA_HOME -name cacerts) | grep 'Owner:' | grep 'Entrust'

Open in new window

0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:AKHILKARTHIK
Comment Utility
How to execute this command on my Windows machine? THe same exception seems to be coming even when i am using the local machine (windows XP), using RAD/websphere workspacee. Cna you please send me command to run this on windows.
0
 
LVL 86

Expert Comment

by:CEHJ
Comment Utility
?? You just said your OS is Unix?
0
 

Author Comment

by:AKHILKARTHIK
Comment Utility
Windows is used for testing where we have local RAD/websphere workspace for unit testing , UNIX is where our appserver will be running. So i am testing in both and getting the same exception.
0
 
LVL 86

Expert Comment

by:CEHJ
Comment Utility
You just need to put the correct path in for the cacerts file in Windows
0
 
LVL 86

Expert Comment

by:CEHJ
Comment Utility
:)
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
Viewers learn about the scanner class in this video and are introduced to receiving user input for their programs. Additionally, objects, conditional statements, and loops are used to help reinforce the concepts. Introduce Scanner class: Importing…
This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now