Adding Self-signed Certificate for Java Application on Windows
In addition to importing the self-signed certificate into the system, you need to import it into another place, called the Java truststore.
Here's a small Java class file called SSLPoke.class that lets you check whether you can connect to the target over SSL (HTTPS, LDAPS, POP3S, etc.).
C:\Users\nobody\Downloads>java SSLPoke repo.maven.apache.org 443
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at SSLPoke.main(SSLPoke.java:31)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 16 more
Normally the output should look like the following:
C:\Users\nobody\Downloads>java SSLPoke repo.maven.apache.org 443
Successfully connected
System Java Version
First, check the current Java version.
C:\>java -version
java version "1.8.0_191"
Java(TM) SE Runtime Environment (build 1.8.0_191-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.191-b12, mixed mode)
The certificate must be imported into the cacerts file of the correct Java version, or the import will have no effect.
Java’s Root Certificate Authority (CA)
Dump the current trusted root certificates, using the password changeit.
C:\Program Files\Java\jre1.8.0_191\bin>keytool.exe -list -v -keystore ../lib/security/cacerts > ../lib/security/java_cacerts.txt
Import the self-signed certificate, using the password changeit.
C:\Program Files\Java\jre1.8.0_191\bin>keytool.exe -import -alias zenoss -keystore ../lib/security/cacerts -file C:\Users\nobody\Downloads\zenoss.cer
Dump the trusted root certificates again to see whether the self-signed certificate was imported successfully.
C:\Program Files\Java\jre1.8.0_191\bin>keytool.exe -list -v -keystore ../lib/security/cacerts > ../lib/security/java_cacerts.txt