Skip to content

Instantly share code, notes, and snippets.

@cyroxx

cyroxx/README.rst

Last active December 22, 2015 07:29
Show Gist options
  • Save cyroxx/6438366 to your computer and use it in GitHub Desktop.
Save cyroxx/6438366 to your computer and use it in GitHub Desktop.
Download ZIP
[JRE] How to extend the list of trusted CAs
Raw
README.rst
[JRE] How to extend the list of trusted CAs in the Java Runtime Environment
or: How to resolve 'SunCertPathBuilderException: unable to find valid certification path to requested target'

Above exception is thrown when you try to open a HTTPS connection to a website whose certificate is not signed by a trusted certificate authority (CA).

What you should do:

  1. Download/Export the CA certificate for the desired website (not the certificate of the website itself).
  2. Open up an administrator shell.
  3. Type the following:
keytool -importcert -file <path/to/cacert.crt> -alias <myalias> -keystore "%JRE_HOME%\jre\lib\security\cacerts"

Make sure to include the -keystore option.

Troubleshooting

If it still doesn't work, run java with -Djavax.net.debug=all and examine the output. You should see a line that starts with trustStore is:, followed by a path. Make sure that this is the same path as the one you used for the -keystore option.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment