Sunday, December 9, 2012

Configuring certificates in apache

To view whether you certificates are configured correctly use the following command:

keytool -printcert -sslserver

Thursday, November 22, 2012 PKIX path building failed PKIX path building failed 

This error means that the certifcate that you have recevied in your code does not have an authority and so by default, the Java software rejects it.

To get around this, you'll have to manually import this certificate into your local keystore.

First you'll want to export the certificate to local drive. To do that we'll use firefox browser to find and export that certificate to file:

Click on Tools -> Options -> Advanced -> Encryption tab and you should see the following:


Then click on "View certificates"

Go to the "Servers" tab
Find the certficate of interest, and then click "Export"
Save the certficate some where to disk. You'll be importing the certificate to your keystore next.

Java's keystore is located here:

To import the certificate, we'll use the keytool command:

keytool -import -noprompt -trustcacerts -alias dc7-dev2 -file EXPORTED_CERTIFICATE -keystore "JAVA_HOME\jre\lib\security\cacerts"

Then you will be prompted for a password. By default, the password is "changeit"

 If all goes well, you should see the following response message: "Certificate was added to keystore"