AKHILKARTHIK
asked on
JAVA programmatically load the trust KeyStore file when making the ssl context for HTTPS
Using Java code, how to programmatically load the trust keystore file when making the ssl context
Any insights are highly appreciated.
Any insights are highly appreciated.
ASKER
What is this error mean? And how to add the certs programmatically using JAVA to call HTTPS url. I am using HttpsURLConnection to open the HTTPS call.
Exception caught while calling the HTTPS connection::javax.net.ssl. SSLHandsha keExceptio n: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPat hBuilderEx ception: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPat hValidator Exception: The certificate issued by CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net is not trusted; internal cause is:
java.security.cert.CertPat hValidator Exception: Certificate chaining error
Exception caught while calling the HTTPS connection::javax.net.ssl.
java.security.cert.CertPat
java.security.cert.CertPat
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So does this mean it is failing because of missing proper certficate chains on servers to trust SSL connection? We are using Websphere and operating system is unix. any idea how programmatically load that keystore and trust that certs when making the ssl context.
Try the below (JAVA_HOME will need to have been set [it should be])
echo 'changeit' | keytool -list -v -keystore $(find $JAVA_HOME -name cacerts) | grep 'Owner:' | grep 'Entrust'
ASKER
How to execute this command on my Windows machine? THe same exception seems to be coming even when i am using the local machine (windows XP), using RAD/websphere workspacee. Cna you please send me command to run this on windows.
?? You just said your OS is Unix?
ASKER
Windows is used for testing where we have local RAD/websphere workspace for unit testing , UNIX is where our appserver will be running. So i am testing in both and getting the same exception.
You just need to put the correct path in for the cacerts file in Windows
:)
http://jcalcote.wordpress.com/2010/06/22/managing-a-dynamic-java-trust-store/