Solved

JAVA  programmatically load the trust KeyStore file when making the ssl context for HTTPS

Posted on 2014-03-26
10
3,569 Views
Last Modified: 2014-04-03
Using Java code, how to  programmatically load the trust keystore file when making the ssl context
Any insights are highly appreciated.
0
Comment
Question by:AKHILKARTHIK
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 86

Expert Comment

by:CEHJ
ID: 39956973
0
 

Author Comment

by:AKHILKARTHIK
ID: 39961655
What is this error mean? And how to add the certs programmatically using JAVA to call HTTPS url. I am using HttpsURLConnection to open the HTTPS call.

Exception caught while calling the HTTPS connection::javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not                         build a valid CertPath.; internal cause is:
                              java.security.cert.CertPathValidatorException: The certificate issued by CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net is not trusted; internal cause is:
                              java.security.cert.CertPathValidatorException: Certificate chaining error
0
 
LVL 86

Accepted Solution

by:
CEHJ earned 500 total points
ID: 39961736
Make sure Entrust.net is definitely in your JRE's list of CAs. What OS are you using?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:AKHILKARTHIK
ID: 39962082
So does this mean it is failing because of missing proper certficate chains on servers to trust SSL connection? We are using Websphere and operating system is unix. any idea how programmatically load that keystore and trust that certs when making the ssl context.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 39962113
Try the below (JAVA_HOME will need to have been set [it should be])
echo 'changeit' | keytool -list -v -keystore $(find $JAVA_HOME -name cacerts) | grep 'Owner:' | grep 'Entrust'

Open in new window

0
 

Author Comment

by:AKHILKARTHIK
ID: 39962341
How to execute this command on my Windows machine? THe same exception seems to be coming even when i am using the local machine (windows XP), using RAD/websphere workspacee. Cna you please send me command to run this on windows.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 39962384
?? You just said your OS is Unix?
0
 

Author Comment

by:AKHILKARTHIK
ID: 39962418
Windows is used for testing where we have local RAD/websphere workspace for unit testing , UNIX is where our appserver will be running. So i am testing in both and getting the same exception.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 39962439
You just need to put the correct path in for the cacerts file in Windows
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 39975865
:)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Go is an acronym of golang, is a programming language developed Google in 2007. Go is a new language that is mostly in the C family, with significant input from Pascal/Modula/Oberon family. Hence Go arisen as low-level language with fast compilation…
Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question