
programmatically load certificate

Aleksander Popov

Joined: Feb 27, 2006
Posts: 5

I am trying to connect to an https server from my program, so I've created a certificate client.cer where I put my server's DNS name as CN value. In my application I tried to import the certificate:

and of course it didn't work, well the certificate loaded but I got PKIX path building failed: unable to find valid certification path to requested target when I tried to post to the server.

What worked is when I ran to populate jssecacerts in $JAVA_HOME/jre/lib/security with a certificate for my server and set system properties in my program:

Can someone explain what I am doing wrong here?

greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
I think perhaps you are a little confused about the terminology. From the viewpoint of the client, you want to authenticate the server. To do so, you must configure the client's truststore so that it contains the CA root certificate that signed the server's certificate. Sometimes, and I'm guessing your application is one of these, the server certificate hierarchy just contains a single self-signed certificate. In this case, this certificate is functionally the CA root certificate. So this certificate must be preloaded into the client's truststore. It only makes sense to do this prior to attempting a connection. There are many ways to configure the client's truststore; see
