0

I am trying to access one HTTPS url from my local for which I have added the certificate in my cacerts using below command from cmd.

keytool -import -file "C:\Users\loren\customerapi.cer" -keystore "C:\Program Files\java\jdk1.8.0_25\jre\lib\security\cacerts" -storepass "changeit

I have put the cacerts file in same folder as my class and now trying to load cacerts in my project using below lines but it is throwing error -

System.setProperty("javax.net.ssl.trustStore", "cacerts.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88)
... 25 more

Moreover in my security folder I can see cacerts is of file FILE, isn't should be of type jks? enter image description here

Loren
  • 320
  • 1
  • 10
  • 25
  • The related notions promulgated by Windows that the last dotted component of a filename is or must be an extension, and that said extension must or reliably does indicate the file type, are completely and dangerously wrong. What Explorer claims to be the 'type' is actually just the last dotted component, which may or may not be an extension, and if it is an extension may or may not indicate the file type. You can get slightly less wrong results by finding and turning off the option to 'Hide extensions for known file types' (which contrary to its name hides unknown 'types' also). ... – dave_thompson_085 Nov 11 '21 at 12:41
  • ... As applicable to your case, `cacerts` supplied by Java _is_ a JKS file, but it is _not_ named with `.jks` and does not need to be. If/when you copy it, you can name it with `.jks` added if you want, or not, but whichever you choose, you need to do so consistently. – dave_thompson_085 Nov 11 '21 at 12:43

0 Answers0