aspose file tools*
The moose likes Security and the fly likes programmatically load certificate Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "programmatically load certificate" Watch "programmatically load certificate" New topic
Author

programmatically load certificate

Aleksander Popov
Greenhorn

Joined: Feb 27, 2006
Posts: 5
Hi,

I am trying to connect to an https server from my program, so I've created a certificate client.cer where I put my server's DNS name as CN value. In my application I tried to import the certificate:



and of course it didn't work, well the certificate loaded but I got javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target when I tried to post to the server.

What worked is when I ran http://blogs.sun.com/andreas/resource/InstallCert.java to populate jssecacerts in $JAVA_HOME/jre/lib/security with a certificate for my server and set system properties in my program:



Can someone explain what am I doing wrong here?

thanks,
Alex
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
I think perhaps you are a little confused about the terminology. From the viewpoint of the client, you want to authenticate the server. To do so, you must configure the client's truststore so that it contains the CA root certificate that signed the server's certificate. Sometimes, and I'm guessing your application is one of these, the server certificate hierarchy just contains a single self-signed certificate. In this case, this certificate is functionally the CA root certificate. So this certificate must be preloaded in to the client's truststore. It only makes sense to do this prior to attempting a connection. There are many ways to configure the client's truststore; see http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CustomizingStores


Nice to meet you.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: programmatically load certificate
 
Similar Threads
sun.security.provider.certpath.SunCertPathBuilderException
https client certificate
Problem with java certificates unable to find valid certification path
https connection added cert still getting exception please help?
java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: