How to import certificates in Java

Adding a certificate in the Java trust store

This chapter provides a short guide to importing the missing server certificate into the Java Truststore (cacerts file).

 

A missing server certificate in the trust store is characterized by the fact that, for example, a WMS service is not displayed in the WebOffice 10.2 SP3 client and the following message can be found in the log file:

caused by unable to find valid certification path to requested target

 

1.To do this, please carry out the following steps in your browser to identify the missing certificate.
a.if you use the Internet Explorer browser:

Open the desired website with the missing server certificate in the browser.

Use the small verification icon to the right of the address bar to open the certificate (show certificates) and switch to the Certification Path tab to read out the certification there.

 

Show certification path in Internet Explorer

 

Then go to the browser's internet options, click the Content tab, click the certificate you want to export, and click Export.

 

Export certificate in Internet Explorer

 

The certificate export wizard opens automatically. Click Next, leave the format at the first option and enter a file name to finally save the export.

 

Certification Export Wizard in Internet Explorer

 

 

b.Please carry out the following steps if you are using the Mozilla Firefox browser:

Open the desired website with the missing server certificate in the browser.

Open the certificate via the small verification icon to the left of the address bar (more information ...) and display it via certificate -> Details -> Export certification and save it as a .crt file.

 

Export certificate in Firefox

 

 

2. In the next step, install the KeyStore Explorer tool: http://keystore-explorer.sourceforge.net

3. Open the Keystore cacerts file in the KeyStore Explorer (e.g. to be found under / java_home / jre / lib / security / cacerts -> with the password "changeit")

4. Use Import trusted Certificate to import the previously exported .crt file and save cacerts.

 

Import certificate into truststore

 

5. The missing certification is then imported into the trust store.

 

Imported certificate in the trust store

 

Important note: If there are several Java environments (JREs, JDKs, Java6, Java7 ...) on the machine, it must be ensured that the corresponding certificates have been imported into the correct truststore, as there are just as many truststores as Java installations.

To do this, note the "java.home" parameter in the SynAdmin -> "System" tab. Then verify in the KeyStore Explorer that the required certificates are available in the associated trust store.

 

Example:

Java.home: C: \ Program Files \ Java \ jdk1.7.0_25 \ jre

Associated trust store: C: \ Program Files \ Java \ jdk1.7.0_25 \ jre \ lib \ security \ cacerts