Copying java keystore


Solution 1

First of all, if the web service doesn't require a client certificate (i.e. that you introduce yourself), there's no need for a keystore - you only need a truststore.

It could be that the other project cannot access the truststore, so just as an exercise, try to open C:\<workspaceprojectPath>\SIPkeystore\truststore.jks there and read the first few bytes. If you succeed, it means that the other project has some other truststore set as default, so in that case try:

System.out.println(System.getProperty("javax.net.ssl.trustStore"));

Also, bear in mind that Java is case-sensitive, and you specified the javax.net.ssl.truststore property instead of javax.net.ssl.trustStore. Try fixing this as well.

Solution 2

Is there a possibility to copy an existing keystore?

Yes. From the file system perspective it is just a file.

I imagine that the problem is one of the following:

  • The relevant properties are not correctly set in the other project.
  • The other JVM cannot find the keystore file (e.g. because of chrooting or some such)
  • The other JVM doesn't have the required permissions to access/read the keystore file.
  • The read access is being blocked by (for instance) SELinux.
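
The checks from both answers (property-name case, which truststore is actually configured, whether the JVM can see and read the file) can be run inside the failing project with a small diagnostic. This is an added example, not code from the original posts; the class name TrustStoreCheck is hypothetical, and it assumes the truststore opens without a password or with the one given in javax.net.ssl.trustStorePassword.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Added diagnostic (hypothetical class): run it in the JVM that reports the PKIX error.
public class TrustStoreCheck {
    // Standard JSSE store properties; the names are matched case-sensitively by the JVM.
    private static final List<String> KNOWN = Arrays.asList(
        "javax.net.ssl.trustStore", "javax.net.ssl.trustStorePassword", "javax.net.ssl.trustStoreType",
        "javax.net.ssl.keyStore", "javax.net.ssl.keyStorePassword", "javax.net.ssl.keyStoreType");

    public static void main(String[] args) throws Exception {
        // 1. Flag properties that match a standard name only when case is ignored.
        for (String name : System.getProperties().stringPropertyNames()) {
            for (String known : KNOWN) {
                if (known.equalsIgnoreCase(name) && !known.equals(name)) {
                    System.out.println("Wrong case: '" + name + "' is set, JSSE reads '" + known + "'");
                }
            }
        }
        String location = System.getProperty("javax.net.ssl.trustStore");
        if (location == null) {
            System.out.println("javax.net.ssl.trustStore is not set; the JVM default truststore is used");
            return;
        }
        // 2. Can this JVM see and read the file (path, permissions, chroot, SELinux)?
        Path file = Paths.get(location);
        System.out.println("exists=" + Files.exists(file) + " readable=" + Files.isReadable(file));
        // 3. Does the file parse as a keystore, and which entries are trusted certificates?
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        String password = System.getProperty("javax.net.ssl.trustStorePassword");
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(file)) {
            // A null password skips the integrity check; enough for listing aliases.
            store.load(in, password == null ? null : password.toCharArray());
        }
        for (String alias : Collections.list(store.aliases())) {
            System.out.println("alias=" + alias + " trustedCert=" + store.isCertificateEntry(alias));
        }
    }
}
```

Run it with the same -D options or System.setProperty calls as the failing application, so it sees the same configuration.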
LuigiEdlCarno
Author by

Updated on June 04, 2022

Comments

  • LuigiEdlCarno almost 2 years

    I have a valid keystore on my local development machine, which contains a certificate for accessing a webservice via HTTPS.

    I access this keystore in my project via:

    System.setProperty("javax.net.ssl.truststore", "C:\\<workspaceprojectPath>\\SIPkeystore\\truststore.jks"); // should probably also work without a keystore
    System.setProperty("javax.net.ssl.keyStore", "C:\\<workspaceprojectPath>\\SIPkeystore\\SIPkeystore.jks");  
    System.setProperty("javax.net.ssl.keyStorePassword", "SECRET");
    

    Now I want to access that certificate from another project. There I provide the same (full) path to the keystore in the other (local) project directory.

    Apparently the path is still found by the JVM and the property is being set, but on accessing the web service I get the same error message as if I hadn't added the keystore at all.

    When trying to run the application I get a

    sun.security.validator.ValidatorException: PKIX path building failed:   
         sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid 
         certification path to requested target
    

    Is there a possibility to copy an existing keystore? This will also be important when we deploy the application to our server. The application will run as a stand-alone jar (no web server).

    EDIT: Ok, copying the keystore does not seem to be the problem, as I am able to run the original application while using a local copy of the original keystore files. It seems like it is a configuration issue.