javasslssl-certificatekeytool

Java Keytool error after importing certificate , "keytool error: java.io.FileNotFoundException & Access Denied"


I'm trying to connect a Java Web API via HTTPS; however, an exception is thrown:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException

I followed these steps which I learned from online keytool & SSL cert tutorials:

  1. I copied the HTTPS URL into the browser, downloaded the SSL certificates & Installed them in the browser using Internet Explorer.

  2. Exported the certificates to a path on my computer, the certificates were saved as .cer

  3. Used the keytool's import option. The command below executed without any errors.

    keytool -import -alias downloadedCertAlias -keystore C:\path\to\my\keystore\cacerts.file -file C:\path\of\exportedCert.cer
    
  4. I was prompted for a password at the command prompt, which I entered then I was authenticated.

  5. The cmd window printed some certificate data & signatures and I was prompted with the question:

    Trust this certificate?

    I answered yes.

  6. The cmd prompt displayed

    Certificate was added to keystore

    However after that message, another exception was displayed:

    keytool error: java.io.FileNotFoundException: C:\Program files\...\cacerts <Access Denied>
    

Finally when I checked the keystore , the SSL certificate was not added and my application gives the same exception I was getting earlier when trying to connect:

(javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException)

Solution

  • I was having the same problem while importing the certificate in local keystore. Whenever i issue the keytool command i got the following error.

    Certificate was added to keystore
    keytool error: java.io.FileNotFoundException: C:\Program Files\Java\jdk1.8.0_151\jre\lib\security (Access is denied)
    

    Following solution work for me.

    1. Make sure you are running command prompt in Run as Administrator mode

    2. Change your current directory to %JAVA_HOME%\jre\lib\security

    3. Then issue the command below

      keytool -import -alias "mycertificatedemo" -file "C:\Users\name\Downloads\abc.crt" -keystore cacerts

    4. Enter the password changeit

    5. Enter y

    6. you will see the following message on success

      "Certificate was added to keystore"

    Make sure you are giving the cacerts only in -keystore param value, as I was giving the full path like C:\Program Files\Java\jdk1.8.0_151\jre\lib\security.

    Hope this will work