Java 2 Standard Edition SDK (J2SE SDK)

 
 
To develop desktop Java applications or if you need a Java Runtime Environment (JRE) you can use the Java 2 Standard Edition Software Development Kit (J2SE SDK).

The latest J2SE SDK version can be downloaded from: http://java.sun.com/j2se/







Add certificate in Java on macOS



Information
I was using the ant get task to get files from https://www.mobilefish.com/..

The ant task shows the following error message:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

To solve this problem you need to add the SSL certificate to the Java keystore.

Operating system used
macOS (Sierra) 10.12.3

Software prerequisites
Java on macOS


Procedure
  1. The Java keystore is located at.
    Type: echo $JAVA_HOME/jre/lib/security

    The Java keystore is the file: $JAVA_HOME/jre/lib/security/cacerts

    Note:
    This means that every installed java version has its own cacerts file.
    If you use another java version you need to reinstall the certificate.

  2. To show all certificates installed in the keystore.
    Type: cd $JAVA_HOME/jre/lib/security
    Type: keytool -list -keystore cacerts
    The keystore password is (default): changeit

    You should see:
    Enter keystore password:

    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 104 entries

    verisignclass2g2ca [jdk], Aug 25, 2016, trustedCertEntry,
    Certificate fingerprint (SHA1): B3:EA:C4:4
    :


    Note:
    If you want to see more detailed information, add the -v flag.
    Type: keytool -list -v -keystore cacerts

  3. Before you import the certificate in the keystore make a backup of the keystore.
    Type: cd $JAVA_HOME/jre/lib/security
    Type: sudo cp cacerts cacerts.orig

  4. Import your self signed certificate in the keystore.
    Type: cd $JAVA_HOME/jre/lib/security
    Type: sudo keytool -importcert -alias domain -file /path/to/certificate.crt -keystore cacerts

    For example, type:
    sudo keytool -importcert -alias sand.mobilefish.com -file /etc/apache2/ssl/sand.mobilefish.crt -keystore cacerts

    You should see:
    Password: your_root_password
    Enter keystore password: changeit
    Owner: [email protected], CN=sand.mobilefish.com, OU=Research and development, O=Mobilefish.com, L=Zaandam, ST=Noord-Holland, C=NL
    Issuer: [email protected], CN=sand.mobilefish.com, OU=Research and development, O=Mobilefish.com, L=Zaandam, ST=Noord-Holland, C=NL
    Serial number: 8a7362fba9376522
    Valid from: Fri Aug 25 13:04:25 CEST 2017 until: Mon Aug 23 13:04:25 CEST 2027
    :
    Trust this certificate? [no]: yes
    Certificate was added to keystore


    More information about the keytool.
    Type: keytool -help

  5. To check if the certificate is stored is the keystore.
    Type: cd $JAVA_HOME/jre/lib/security
    Type: sudo keytool -list -keystore cacerts -alias sand.mobilefish.com

    You should see:
    Enter keystore password: changeit
    sand.mobilefish.com, Aug 26, 2017, trustedCertEntry,
    Certificate fingerprint (SHA1): 35:BB:57:11:56:55:12:FF:23:98:22:11:2D:22:00:24:A2:78:77:2


    Note:
    If you want to see more detailed information, add the -v flag.
    Type: sudo keytool -v -list -keystore cacerts -alias sand.mobilefish.com