For the problem “java security cert certpathvalidatorexception certificate chaining error.” I tried to fix it, but it doesn’t work and returns the result I want. Here is my program:
Security.setProperty("ssl.SocketFactory.provider", "com.ibm.jsse2.SSLSocketFactoryImpl");
Security.setProperty("ssl.ServerSocketFactory.provider", "com.ibm.jsse2.SSLServerSocketFactoryImpl");
Security.setProperty("javax.net.ssl.trustStore", "cacerts.jks");
Security.setProperty("javax.net.ssl.keyStore", "keystore.jks");
Security.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
Security.setProperty("javax.net.ssl.trustStoreType", "JKS");
and
java.security.cert.CertPathValidatorException: Certificate chaining error
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=Walmart Root CA, O=Wal-Mart Stores Inc is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.jsse2.o.a(o.java:22)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:423)
at com.ibm.jsse2.kb.a(kb.java:192)
at com.ibm.jsse2.kb.a(kb.java:176)
at com.ibm.jsse2.lb.a(lb.java:53)
at com.ibm.jsse2.lb.a(lb.java:464)
at com.ibm.jsse2.kb.s(kb.java:545)
at com.ibm.jsse2.kb.a(kb.java:530)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:79)
at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:437)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:142)
at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:686)
at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:98)
at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:13)
at com.ibm.net.ssl.www2.protocol.https.b.connect(b.java:6)
at com.dwl.tcrm.tester.RESTClient_2.main(RESTClient_2.java:76)
has occurred. I’ve checked the entire command line but still can’t find the mistake.
The cause: The error message “java security cert certpathvalidatorexception certificate chaining error” indicates that your certificate has not been added to cacerts.
Solution: Run keytool -list -v -keystore <path to cacerts> and compare the serial number of your certificate against the output. If it is not there, follow the instructions below.
The intermediate certificate can be exported from the browser:
Internet Explorer: Tools > Internet Options > Content > Certificates
To view the certificate path: select the certificate > View > Certification Path
To export the certificate: select the certificate > Export > DER encoded binary format > Save
(From Firefox: Tools > Options > Advanced > Encryption > View Certificates)
After this, add the exported certificate with the command below:
keytool -import -trustcacerts -keystore <path to cacerts> -alias <alias> -file <path to the certificate exported in the 3rd step>
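The check described in the solution above (is the exported certificate, or the CA that signed it, in the truststore?), written as an added Java example that is not code from the original page. It assumes a JKS truststore such as the question's cacerts.jks; the class name TrustStoreCheck and its two command-line arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
// Added example (hypothetical helper): java TrustStoreCheck <truststore.jks> <exported-cert>
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java TrustStoreCheck <truststore.jks> <exported-cert>");
            System.exit(2);
        }
        // Assumption: JKS truststore, as in the question. A null password skips the
        // integrity check, which is enough for a read-only listing of trusted entries.
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ts.load(in, null);
        }
        X509Certificate cert;  // accepts the DER export described above, or PEM
        try (InputStream in = new FileInputStream(args[1])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        System.out.println("Issuer : " + cert.getIssuerX500Principal());
        System.out.println("Serial : " + cert.getSerialNumber().toString(16));
        // Exact match on the whole certificate, stricter than comparing serials by eye.
        String alias = ts.getCertificateAlias(cert);
        if (alias != null) {
            System.out.println("Trusted directly under alias: " + alias);
            return;
        }
        // Not trusted itself: look for a truststore entry whose key signed it.
        for (String a : Collections.list(ts.aliases())) {
            Certificate c = ts.getCertificate(a);
            if (c == null) continue;
            try {
                cert.verify(c.getPublicKey());
                System.out.println("Not in truststore, but signed by trusted entry: " + a);
                return;
            } catch (GeneralSecurityException notSignedByThisEntry) { }
        }
        System.out.println("No trust anchor found: import this certificate or its issuing CA");
    }
}
```

The serial is printed in hexadecimal so it can be compared with the keytool -list -v output.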
Assume you have a web app that is trying to access the RESTful service.
First, you should not use javax.net.ssl.* properties to set up your stores. Instead, use the SSL configurations available in WebSphere. Comment out all setProperty() calls.
The second step is to add your service server's certificate to the truststore. Log in to the web admin console and go to
Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates
Use the Retrieve from port button to specify the hostname, port 443 and an alias, then click the Retrieve signer information button.
Some versions import the child certificate, but not the root. In that case you will need to manually download the root and intermediate certificates (e.g. you can import the child certificate via browser to NodeDefaultTrustStore). However, you will need to use the Add button and not Retrieve.