Registering Self-signed Certificates To The Java Keystore
The following common exception occurs related to HTTPS:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This error occurs because the web server or URL you are connecting to presents a certificate that was not issued by a Certificate Authority (CA) the JRE already trusts (for example, a self-signed or private CA certificate). You need to export the server's root certificate and import it into your JDK's keystore. Follow these steps to register the certificate in the Java keystore.
Procedure
- Copy the URL that you are connecting to and paste it in your browser.
- A dialog box should appear warning you about the certificate. Click View Certificate and install the certificate, ignoring any warning messages.
- With the server certificate installed on your computer, your browser no longer warns you when you visit the same site again. However, the Java Runtime Environment (JRE) does not know about this certificate until you add it to its keystore. Certificates are usually managed with keytool, a command-line utility with numerous arguments for creating and managing the keystores that hold digital certificates.
- You can list the certificates currently contained in a keystore using the keytool -list command. The initial password for the cacerts keystore is changeit.
- For example, open the command prompt by typing cmd and pressing Ctrl + Shift + Enter to open it in admin mode.
- Locate your Java folder and list the keystore:
  C:\Program Files\Java\jre7\bin>keytool -list -keystore ..\lib\security\cacerts
  or
  C:\Program Files\Java\jre7\bin>keytool -list -keystore "C:\Program Files\Java\jre7\lib\security\cacerts"
- Enter the keystore password: changeit.
- Add the previously installed certificate to this keystore by exporting your CA root certificate as a DER-encoded binary file and saving it as C:\root.cer. You can view the installed certificates under "Tools > Internet Options > Content > Certificates". In the Certificates dialog, locate and select the one you just installed under "Trusted Root Certification Authorities", and click Export. Save it as a DER-encoded binary file on your C: drive, for example C:\root.cer.
- Use the keytool -import command to import the file into your cacerts keystore. For example:
  keytool -import -alias myprivateroot -keystore ..\lib\security\cacerts -file C:\root.cer
  or
  keytool -import -alias myprivateroot -keystore "C:\Program Files\Java\jre7\lib\security\cacerts" -file "C:\root.cer"
- Enter the keystore password: changeit.
- Trust this certificate?: yes. (Before asking, keytool prints the certificate's owner, issuer and fingerprints; check that they match the certificate you exported before answering.)
- Run keytool -list again to verify that your private root certificate was added:
  C:\Program Files\Java\jre7\bin>keytool -list -keystore ..\lib\security\cacerts
  You will now see a list of all the certificates, including the one you just added. This confirms that your private root certificate has been added to the cacerts keystore as a trusted certificate authority.
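The same import can be done from Java itself, which is useful when you want to script the step or verify what keytool did. The following program is an added example, not part of the original article: it parses the DER-encoded C:\root.cer, prints its SHA-256 fingerprint so you can compare it with the one shown by the browser, and adds it to cacerts under the alias myprivateroot unless that alias already exists (paths, alias and the changeit password are the ones used in the steps above and are assumptions).

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class CacertsImport {
    // Assumed locations, matching the steps above; adjust for your JRE.
    static final Path CACERTS = Paths.get("C:\\Program Files\\Java\\jre7\\lib\\security\\cacerts");
    static final Path ROOT_CER = Paths.get("C:\\root.cer");
    static final String ALIAS = "myprivateroot";
    static final char[] PASSWORD = "changeit".toCharArray(); // default cacerts password

    // Colon-separated SHA-256 fingerprint of the DER encoding, as browsers display it.
    static String sha256Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) sb.append(':');
            sb.append(String.format("%02X", digest[i] & 0xff));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Parse the DER-encoded root certificate exported from the browser.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate root;
        try (InputStream in = Files.newInputStream(ROOT_CER)) {
            root = (X509Certificate) cf.generateCertificate(in);
        }
        System.out.println("Subject: " + root.getSubjectX500Principal());
        System.out.println("SHA-256: " + sha256Fingerprint(root)); // compare with the browser

        // Load cacerts (a JKS keystore), add the trusted entry, and write it back.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(CACERTS)) {
            ks.load(in, PASSWORD);
        }
        if (ks.containsAlias(ALIAS)) {
            X509Certificate existing = (X509Certificate) ks.getCertificate(ALIAS);
            System.out.println("Alias exists; stored SHA-256: " + sha256Fingerprint(existing));
            return; // nothing to do; keytool -import would report the same conflict
        }
        ks.setCertificateEntry(ALIAS, root); // equivalent of keytool -import -alias myprivateroot
        try (OutputStream out = Files.newOutputStream(CACERTS)) {
            ks.store(out, PASSWORD);
        }
        System.out.println("Imported " + ALIAS + " into " + CACERTS);
    }
}
```

Writing to cacerts needs the same administrator rights as the keytool step, and after running it keytool -list shows the new alias exactly as in the final step above.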