This week's book giveaway is in the JDBC forum.
We're giving away four copies of Make it so: Java DB Connections & Transactions and have Marcho Behler on-line!
See this thread for details.
The moose likes Security and the fly likes programmatically load certificate Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Make it so: Java DB Connections & Transactions this week in the JDBC forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "programmatically load certificate" Watch "programmatically load certificate" New topic

programmatically load certificate

Aleksander Popov

Joined: Feb 27, 2006
Posts: 5

I am trying to connect to an https server from my program, so I've created a certificate client.cer where I put my server's DNS name as CN value. In my application I tried to import the certificate:

and of course it didn't work, well the certificate loaded but I got PKIX path building failed: unable to find valid certification path to requested target when I tried to post to the server.

What worked is when I ran to populate jssecacerts in $JAVA_HOME/jre/lib/security with a certificate for my server and set system properties in my program:

Can someone explain what am I doing wrong here?

greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
I think perhaps you are a little confused about the terminology. From the viewpoint of the client, you want to authenticate the server. To do so, you must configure the client's truststore so that it contains the CA root certificate that signed the server's certificate. Sometimes, and I'm guessing your application is one of these, the server certificate hierarchy just contains a single self-signed certificate. In this case, this certificate is functionally the CA root certificate. So this certificate must be preloaded in to the client's truststore. It only makes sense to do this prior to attempting a connection. There are many ways to configure the client's truststore; see

Nice to meet you.
I agree. Here's the link:
subject: programmatically load certificate
jQuery in Action, 3rd edition