SSL:Java Keystores

lbonanomi edited this page Mar 22, 2019 · 5 revisions

Java is barfing with a "SunCertPathBuilderException" error

If you see this:

Caused by: sun.security.validator.ValidatorException: 
   PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: 
   unable to find valid certification path to requested target

Java doesn't trust the certificate signer. If you have an internal CA, append the intermediate certificate to the server's certificate.
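The failure and the fix described above, reproduced with a constructed three-tier PKI, with `openssl verify` standing in for Java's path builder. This is an added example, not part of the original wiki page; the `demo-*` subjects, the file names and the helpers `build_demo_pki` and `chain_ok` are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. Everything here is constructed for the demo: the demo-* subjects,
# the file names, and the helper names build_demo_pki and chain_ok.

# Build root -> intermediate -> server certificates in the empty directory $1.
# server-chain.pem is the fix from the text: server cert first, intermediate appended.
build_demo_pki() (
    cd "$1" || exit 1
    # CA extensions; without CA:TRUE the verifier rejects a cert as an issuer.
    printf '[ca]\nbasicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ext.cnf
    for n in root intermediate server; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
            -keyout "$n.key" -out "$n.csr" 2>/dev/null || exit 1
    done
    openssl x509 -req -in root.csr -signkey root.key -days 30 \
        -extfile ext.cnf -extensions ca -out root.pem 2>/dev/null &&
    openssl x509 -req -in intermediate.csr -CA root.pem -CAkey root.key \
        -CAcreateserial -days 30 -extfile ext.cnf -extensions ca \
        -out intermediate.pem 2>/dev/null &&
    openssl x509 -req -in server.csr -CA intermediate.pem -CAkey intermediate.key \
        -CAcreateserial -days 30 -out server.pem 2>/dev/null &&
    cat server.pem intermediate.pem > server-chain.pem
)

# Succeed only if the first certificate in $2 chains to the trust anchor $1,
# using any further certificates in $2 as untrusted intermediates.
chain_ok() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# Demo run: the bare server certificate fails, the appended chain verifies.
demo_dir=$(mktemp -d) && build_demo_pki "$demo_dir" || exit 1
for f in server.pem server-chain.pem; do
    if chain_ok "$demo_dir/root.pem" "$demo_dir/$f"; then
        echo "$f: chain verifies"
    else
        echo "$f: unable to find path to the trust anchor"
    fi
done
rm -rf "$demo_dir"
```

Only the root is trusted in both runs; the difference is whether the presented file carries the intermediate that links the server certificate to it.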

Generating keys

openssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365

Converting PKCS12 files to/from OpenSSL Certificate Chain:

openssl pkcs12 -in $keystore.p12
openssl pkcs12 -export -in $keystore.txt -inkey $keystore.txt -out $keystore.p12 -name $key_name -CAfile $keystore.txt -caname root

Java Keystores

Back up Java keystore keys to PKCS12 format:

keytool -importkeystore -srckeystore $keystore.jks -destkeystore $keystore.p12 -deststoretype PKCS12

Restore a Java keystore from a PKCS12 file:

  1. Create a new, empty keystore:
keytool -genkey -alias $alias -keyalg RSA -sigalg SHA256withRSA -keystore $keystore.jks
  2. Convert the PKCS12-formatted file to a Java keystore:
keytool -importkeystore -deststorepass $STORE_PASSWORD -destkeypass $STORE_PASSWORD -destkeystore $keystore.jks -srckeystore $keystore.p12 -srcstoretype PKCS12 -srcstorepass $STORE_PASSWORD -alias $alias