Using a Custom Certificate in JVM

Establish a connection over a custom protocol (including HTTP/HTTPS) to your own server that uses a self-signed or CAcert certificate.

Troubleshooting

If you see the following error:

Cannot create connection. Reason is sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid connection...
PKIX path building failed
java.lang.RuntimeException: Cannot create connection. Reason is sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, unable to find valid certification path to requested target
	at datameer.dap.sdk.datastore.FileDataStoreModel.testConnect(FileDataStoreModel.java:58

You need to store the server certificate within the Java VM. 

Storing a Server Certificate

Gather and import the root certificates of the particular authority. 

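# -k disables TLS certificate verification, so these downloads are unauthenticated.
# Compare each file's fingerprint with the one the authority publishes before importing.
curl -k -o "cacert-root.crt"   "https://www.cacert.org/certs/root.crt"
curl -k -o "cacert-class3.crt" "https://www.cacert.org/certs/class3.crt"
# Confirm which JVM installation the trust store belongs to.
echo "$JAVA_HOME"
# Import both certificates as trusted CAs into the JVM-wide trust store.
sudo keytool -keystore "${JAVA_HOME}/lib/security/cacerts" -storepass changeit -import -trustcacerts -v -alias cacertclass3 -file cacert-class3.crt
sudo keytool -keystore "${JAVA_HOME}/lib/security/cacerts" -storepass changeit -import -trustcacerts -v -alias cacertclass1 -file cacert-root.crt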

Gather and import the server certificate.

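# Save the first certificate the server presents (its own certificate) as PEM.
# This fetch is not authenticated either; confirm the fingerprint with the server's administrator.
openssl s_client -connect www.<youraddress>.de:443 -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM > <youraddress>.pem
sudo keytool -keystore "${JAVA_HOME}/lib/security/cacerts" -storepass changeit -import -trustcacerts -v -alias <youraddress>cert -file <youraddress>.pem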
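
Both the `curl -k` download and the `openssl s_client` capture above fetch a certificate without authenticating the server, so the file should be checked against a fingerprint obtained out of band before it enters the trust store. The following is an added example, not part of the original page: the function names, argument order and the 64-hex-digit SHA-256 pin are assumptions of this example.

```shell
#!/bin/sh
# Added example: import a certificate into a JVM trust store only when its
# SHA-256 fingerprint matches a value obtained out of band.
# Function names and argument order are this example's own (assumptions).

# Reduce a fingerprint to bare uppercase hex: drop any "... Fingerprint="
# prefix that openssl prints, then colons and whitespace.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n\r\t' | tr 'abcdef' 'ABCDEF'
}

# Succeeds only when the expected value is 64 hex digits and both agree.
fp_matches() {
    actual=$(normalize_fp "$1")
    expected=$(normalize_fp "$2")
    case "$expected" in
        *[!0-9A-F]*|'') return 1 ;;   # reject empty or non-hex pins
    esac
    [ "${#expected}" -eq 64 ] && [ "$actual" = "$expected" ]
}

# import_pinned_cert <cert.pem> <alias> <expected-sha256> <keystore> <storepass>
import_pinned_cert() {
    cert=$1; name=$2; want=$3; keystore=$4; storepass=$5
    # Fingerprint of the file on disk, e.g. "sha256 Fingerprint=AB:CD:..."
    got=$(openssl x509 -in "$cert" -noout -fingerprint -sha256) || return 2
    if ! fp_matches "$got" "$want"; then
        echo "fingerprint mismatch for $cert, not importing" >&2
        return 1
    fi
    keytool -importcert -noprompt -trustcacerts \
        -keystore "$keystore" -storepass "$storepass" \
        -alias "$name" -file "$cert"
}
```

Pass the trust store path used above (`${JAVA_HOME}/lib/security/cacerts`) as the keystore argument; a mismatch returns non-zero and leaves the store untouched.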

The JVM doesn't support all possible key sizes. In JVM 1.6 the maximum is 1024 bits, so a server that uses a larger Diffie-Hellman key can trigger this error:

java.lang.RuntimeException: Cannot create connection. Reason is java.lang.RuntimeException: Could not generate DH keypair, Could not generate DH keypair, Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
	at datameer.dap.sdk.datastore.FileDataStoreModel.testConnect(FileDataStoreModel.java:58)

According to the JDK 8 Security Enhancements, this has been improved in JDK 8.
