Java, SSL and self-signed certificates

Depending on the API you are using or how you are using SSL, you might have received an error stating that the certificate is invalid, not path to certificate, invalid certificate chain, no chain found, PKIK error, or something similar. This occurs when the certificate is self-signed or signed by an authority that has not been verified by the JDK you are using.

There is a simple way to handle this for self-signed certificates:

  1. Open Firefox
  2. Go to the site that is using SSL (i.e. https://svn.example.com)
  3. Click on the lock down in the lower right corner of the browser window
  4. Click the “View certificate” button
  5. Click the details tab
  6. Click the export button to export the certificate
  7. Save the certificate in x.509 (PEM) format
  8. Go to a command prompt
  9. Add the certificate to the keystore

Here is the command to add the certificate to your global keystore:

*nix

$ keytool -import -keystore $JAVA_HOME/lib/security/cacerts -file <your-pem-export>
-alias <anything>

Windows

c:> keytool -import -keystore %JAVA_HOME%/lib/security/cacerts -file <your-pem-export>
-alias <anything>

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s