This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Other JSE/JEE APIs and the fly likes Default keystore(s) used for HTTPS? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Other JSE/JEE APIs
Bookmark "Default keystore(s) used for HTTPS?" Watch "Default keystore(s) used for HTTPS?" New topic

Default keystore(s) used for HTTPS?

David Norman

Joined: May 15, 2008
Posts: 2
I'm trying to do a get over https to one of our servers. It works from a browser, but not from my Java code (running on Java version 1.5.0), where I get the exception: PKIX path building failed: unable to find valid certification path to requested target

(I can connect to other urls using https.)

As I understand it, the error is occurring because I don't have a certificate from the CA that signed the server certificate. So I've exported the CA root certificate from Internet Explorer and imported it into the keystore of my jre using keytool.

However, I still get the same exception and I'm wondering if the SSL library and I are using the same keystore.

The keystore I imported the certificate into is lib\security\cacerts relative to the jre path from the java.home property.

Whether I set and or not makes no difference. I understand there is search algorithm that uses the property but will ultimately use lib\security\cacerts.

Can anyone see any mistakes in my reasoning or alternatives I could try? I guess I could put the CA certificate in a separate keystore and specify that via

My actual code is just this:


Himanshu Kansal
Ranch Hand

Joined: Jul 05, 2009
Posts: 257
Did you find a solution? I've got this exact same issue. I'm using a Mac.

Experience and talent are independent of age
It is sorta covered in the JavaRanch Style Guide.
subject: Default keystore(s) used for HTTPS?
Similar Threads
Problem with java certificates unable to find valid certification path
SSL Handshake Issue
Received fatal alert: handshake_failure
SSL issues with cacerts (-trustcacerts option)
SSL Implementation not available