I have problems with appending the root and intermediate certificate to my SSL certificate. Please see below the steps.
- Create Java keystore named jira.corp.net.jks with Self signed certificate jira.corp.net
- Create a CSR to get CA signed certificate for jira.corp.net
- Received CA signed certificate and imported jira.corp.net into jira.corp.net.jks via Import Reply option in Keystore Explorer
- Appended intermediate and root certificate
The above steps works perfectly fine. Now, since my application requires the signed certificate in a different keystore cacerts, I imported the signed certificate. But now I don't get option to append the intermediate and root certificate. Because of this I get the below error,
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I understand that since the certificate request was created in a different keystore, the append option is not available. But how do I import the root and intermediate certificate in this case?
I have checked many blogs but couldn't make it work. If someone has knowledge on how to fix, please suggest.
Thanks!
Hi i usually generated the root CA with openssl and never worked importing that into the cacerts with keytools. You can instead generate it with this application i made out of desperation (it's a Java 11 app):
https://github.com/kendarorg/JavaCaCertGenerator
Its only purpose is to replace the generation of the private key and the root certificate, in a form "fit" for cacerts. From there you can produce the various certificates for the addresses and import the root CA inside the default cacert