I'm trying to connect a Java Web API via HTTPS; however, an exception is thrown:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException
I followed these steps which I learned from online keytool & SSL cert tutorials:
I copied the HTTPS URL into the browser, downloaded the SSL certificates & Installed them in the browser using Internet Explorer.
Exported the certificates to a path on my computer, the certificates were saved as .cer
Used the keytool's import option. The command below executed without any errors.
keytool -import -alias downloadedCertAlias -keystore C:\path\to\my\keystore\cacerts.file -file C:\path\of\exportedCert.cer
I was prompted for a password at the command prompt, which I entered then I was authenticated.
The cmd
window printed some certificate data & signatures and I was prompted with the question:
Trust this certificate?
I answered yes.
The cmd prompt displayed
Certificate was added to keystore
However after that message, another exception was displayed:
keytool error: java.io.FileNotFoundException: C:\Program files\...\cacerts <Access Denied>
Finally when I checked the keystore , the SSL certificate was not added and my application gives the same exception I was getting earlier when trying to connect:
(javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException)
I was having the same problem while importing the certificate in local keystore. Whenever i issue the keytool command i got the following error.
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: C:\Program Files\Java\jdk1.8.0_151\jre\lib\security (Access is denied)
Following solution work for me.
Make sure you are running command prompt in Run as Administrator mode
Change your current directory to %JAVA_HOME%\jre\lib\security
Then issue the command below
keytool -import -alias "mycertificatedemo" -file "C:\Users\name\Downloads\abc.crt" -keystore cacerts
Enter the password changeit
Enter y
you will see the following message on success
"Certificate was added to keystore"
Make sure you are giving the cacerts
only in -keystore param value, as I was giving the full path like C:\Program Files\Java\jdk1.8.0_151\jre\lib\security
.
Hope this will work