"PKIX path building failed" and "unable to find valid certification path to requested target"
- Go to URL in your browser:
- firefox - click on HTTPS certificate chain (the lock icon right next to URL address). Click
"more info" > "security" > "show certificate" > "details" > "export..". Pickup the name and choose file type example.cer - chrome - click on site icon left to address in address bar, select "Certificate" -> "Details" -> "Export" and save in format "Der-encoded binary, single certificate".
Now you have file with keystore and you have to add it to your JVM. Determine location of cacerts files, eg.
C:\Program Files (x86)\Java\jre1.6.0_22\lib\security\cacerts.Next import the
example.cerfile into cacerts in command line (may need administrator command prompt):
keytool -import -alias example -keystore "C:\Program Files (x86)\Java\jre1.6.0_22\lib\security\cacerts" -file example.cer
You will be asked for password which default is changeit
Restart your JVM/PC.
source: http://magicmonster.com/kb/prg/java/ssl/pkix_path_building_failed.html
After many hours trying to build cert files to get my Java 6 installation working with the new twitter cert's, I finally stumbled onto an incredibly simple solution buried in a comment in one of the message boards. Just copy the cacerts file from a Java 7 installation and overwrite the one in your Java 6 installation. Probably best to make a backup of the cacerts file first, but then you just copy the new one in and BOOM! it just works.
Note that I actually copied a Windows cacerts file onto a Linux installation and it worked just fine.
The file is located in jre/lib/security/cacerts in both the old and new Java jdk installations.
Hope this saves someone else hours of aggravation.
MY UI approach:
- Download keystore explorer from here
- Open $JAVA_HOME/jre/lib/security/cacerts
- enter PW: changeit (Can be changeme on Mac)
- Import your .crt file
CMD-Line:
keytool -importcert -file jetty.crt -alias jetty -keystore $JAVA_HOME/jre/lib/security/cacerts- enter PW:
changeit(Can be changeme on Mac)