File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JNLP and Web Start and the fly likes Smart Cards and Java Web Start ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JNLP and Web Start
Bookmark "Smart Cards and Java Web Start ?" Watch "Smart Cards and Java Web Start ?" New topic

Smart Cards and Java Web Start ?

Ben Princen

Joined: Dec 02, 2005
Posts: 1
I'm trying to get my Smart card working with Java web start.
A first step was to use the JSE 1.5, since support for Smart Cards is better than previous versions.
Now, our application uses SSL and requires client authentication using a Smart Card. We use Java Web Start.
The Web Start can authenticate by using the Smart Card, and JARS are downloaded. However, when our actual JAR files start up, the cannot communicate with the server. An PKIX path building failed: unable to find valid certification path to requested target

is thrown.
Must I add some certificates to the keystore, or...?
Anyone who can point me in the good direction ?

Thanks a lot,
Scott Larson

Joined: Feb 02, 2006
Posts: 1
I think so. In some HTTP / HTTPS work I did recently building a file downloader component, when I encountered this exception: unable to find valid certification path to requested target

I solved it by doing this:

1 Browse to the ssl site you're trying to reach so that you get prompted by the browser to accept the untrusted cert:
"Security Alert" Yes | No | View Certificate
Click the View Certificate button, Details tab, Copy to File button.
Save to a file (I chose DER encoded .cer file (named it

2 Create trusted keystore & import this certificate using this set of commands:

REM Add certificate to trust.keystore
%JAVA_HOME%\bin\keytool -import -alias ejix-fileserver -file "" -keystore trust.keystore -storepass password

REM Confirming keystore
%JAVA_HOME%\bin\keytool -v -list -keystore trust.keystore -storepass password

3 Run the program using this command:

%JAVA_HOME%\bin\java -classpath .;.\commons-httpclient-3.0.jar;.\junit.jar;.\commons-logging.jar;.\commons-codec-1.3.jar com.example.filedownload.client.DownloadFileTest

Adding the certificate to the trusted keystore solved the problem. Another common pitfall of SSL implementation is making sure the name within the certificate (you can see this while you're viewing the certificate as described above) matches the destination hostname in your https request. For example, is different than

Alternatively, you could write java code to accept all untrusted or self-signed certificates (see Using SSL with HTTP Commons for examples) but this is obviously a bit of a security vulnerability.

Hope this helps. I'm happy to answer questions if I can. I'm interested in your Java Web Start / Smart Card solution, so perhaps we can compare notes.

[ February 02, 2006: Message edited by: Scott Larson ]
I agree. Here's the link:
subject: Smart Cards and Java Web Start ?
It's not a secret anymore!