[JRE] How to extend the list of trusted CAs in the Java Runtime Environment
or: How to resolve 'SunCertPathBuilderException: unable to find valid certification path to requested target'
Above exception is thrown when you try to open a HTTPS connection to a website whose certificate is not signed by a trusted certificate authority (CA).
What you should do:
- Download/Export the CA certificate for the desired website (not the certificate of the website itself).
- Open up an administrator shell.
- Type the following:
keytool -importcert -file <path/to/cacert.crt> -alias <myalias> -keystore "%JRE_HOME%\jre\lib\security\cacerts"
Make sure to include the -keystore
option.
Troubleshooting
If it still doesn't work, run java
with -Djavax.net.debug=all
and examine the output. You should see a line that starts with trustStore is:
, followed by a path. Make sure that this is the same path as the one you used for the -keystore
option.