I want to use a custom truststore with OpenJDK 17 and Micronaut.
I want to access a link similar to https://gitlab.com/api/v4/feature_flags/unleash/42
I have added the certificate belonging to the host to the custom truststore.
I tried to set the custom truststore value using application.yml as well as VM arguments. I am also printing getProperty to ensure the truststore value has been updated when the application is up.
Here are the 2 properties I am setting:
- javax.net.ssl.trustStore
- javax.net.ssl.trustStorePassword
However, when I try to call the URL, I get this error:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
On enabling SSL debug logs, I see lines like the ones below:
javax.net.ssl|DEBUG|17|restartedMain|2022-06-06 09:07:35.247 EST|TrustStoreManager.java:161|Inaccessible trust store: truststore.jks
javax.net.ssl|DEBUG|17|restartedMain|2021-06-06 09:07:35.248 EST|TrustStoreManager.java:112|trustStore is: C:\Program Files\Java\jdk-17.0.2\lib\security\cacerts
Any ideas on how this can be fixed?
How can I override the TrustStoreManager path? Why is it saying "Inaccessible trust store"?
Note: I am on a Citrix VM machine, where I don't have permissions to add certs to the default cacerts.
You should be able to configure your custom trust store via Micronaut configuration properties. See https://docs.micronaut.io/latest/guide/configurationreference.html#io.micronaut.http.client.ServiceHttpClientConfiguration.ServiceSslClientConfiguration.DefaultTrustStoreConfiguration
e.g. in application.yaml:
If you use service clients, you can even configure it for each service separately.
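
The debug lines in the question are what the JDK logs when the file named by javax.net.ssl.trustStore is not a readable regular file at the path it resolves to, after which it falls back to the default cacerts. The following check is an added example, not code from the question or the answer: it shows where a relative name such as truststore.jks actually resolves and whether the store loads with the configured password. The class name TrustStoreCheck is hypothetical, and it is meant to be started with the same -D flags and working directory as the application.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
// Added diagnostic; the class name TrustStoreCheck is hypothetical.
// Run it with the same -D flags and working directory as the application.
public class TrustStoreCheck {
    // Relative names resolve against the process working directory (user.dir),
    // which is how the JDK's own java.io.File lookup treats "truststore.jks".
    static Path resolve(String configured) {
        return Paths.get(configured).toAbsolutePath().normalize();
    }

    // Loads the store and builds an SSLContext that trusts only its entries.
    static SSLContext load(Path store, char[] password) throws Exception {
        if (!Files.isRegularFile(store) || !Files.isReadable(store)) {
            throw new IllegalStateException("Inaccessible trust store: " + store);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(store)) {
            ks.load(in, password); // fails here on a wrong password or corrupt file
        }
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println("entry: " + alias + " trusted=" + ks.isCertificateEntry(alias));
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String configured = System.getProperty("javax.net.ssl.trustStore");
        if (configured == null) {
            System.out.println("javax.net.ssl.trustStore is not set");
            return;
        }
        Path store = resolve(configured);
        System.out.println("configured=" + configured + " resolved=" + store);
        String pw = System.getProperty("javax.net.ssl.trustStorePassword", "");
        load(store, pw.toCharArray());
        System.out.println("trust store loaded");
    }
}
```

If the resolved path is not where the file lives, passing an absolute path in javax.net.ssl.trustStore removes the dependency on the working directory.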