When ever we have integration with webservices or other server, where java/tomcat process interacts using https protocol, we need to install certificate for the same. This is common requirement where certificate expires or not able to find valid certificates, We get below like below exception. To fix this issue we can use keytool utility to register certificate.
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
Steps to install certificate in java store.
1. Get certificate files(usually .crt file.). We can open the url in firefox / chrome and then click on https/certificate, it will display more information-> Security tab-> View Certificate button -> Details Tab->export and save file with some name with .crt extension(example.crt).
2. As an example java is installed on (/usr/jdk), run following command to see already existing certificates.
/usr/jdk/bin/keytool -list -keystore “/usr/jdk/jre/lib/security/cacerts”
It will ask password, default password is changeit
2. Install certificate with following command.
/usr/jdk/bin/keytool -import -noprompt -trustcacerts -alias mysite -file example.crt -keystore “/usr/jdk/jre/lib/security/cacerts” -storepass changeit
Thats it certificate will be installed in your java process. and restart the server, every thing will be good now.
Creativity never stops 