How to Add Certificate to the Java Keystore

Document created by gbockelmann Employee on Oct 12, 2011Last modified by Adam Arrowsmith on May 8, 2017
Version 5Show Document
  • View in full screen mode

Use Case

When importing certificates into an AtomSphere account to apply to an SSL connection, AS2 communication or PGP, there are cases when decryption/encryption failures may occur. The issuer of the certificate may not be automatically trusted by the Atom or perhaps the certificate was created using your own tool.

 

This article applies to the following error messages:

com.boomi.connector.ConnectorException: Error setting up FTP connection: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

Implementation

As of the April 2016 release, you should consider adding certificates to your Atom by creating and deploying Certificate componentsinstead of adding manually the Atom's Java keystore. The instructions below are provided for reference.

This solution describes how you can import a certificate directly to the Java Keystore to potentially resolve this problem.

  1. To determine which JRE the Atom is using, go to Atom Management > select Atom > Startup Properties. Alternatively, on the local Atom itself look in ../<Atom install root>/.install4j/pref_jre.cfg (if this file doesn't exist, look in ../<Atom install root>/.install4j/inst_jre.cfg).
  2. The keystore or cacerts file should be located in ..<Atom JRE>/lib/security/cacerts.
  3. Make a backup of cacerts.
  4. Open a command prompt and navigate to the Atom JRE's bin directory.
  5. Execute Java's keytool command to import the certificate (see below).
  6. Restart the Atom.

 

Command:

cd <FULL PATH TO ATOM JRE BIN>
keytool -importcert -alias <ALIAS> -file <FULL PATH TO CERT FILE> -keystore <FULL PATH TO CACERTS FILE> -storepass <KEYSTORE PASSWORD>

 

Example:

cd c:\program files\Java\jre1.8.0_31\bin
keytool -importcert -alias democert -file "C:\My Certs\demo-certificate.crt" -keystore "C:\Program Files\Java\jre1.8.0_31\lib\security\cacerts" -storepass password
4 people found this helpful

Attachments

    Outcomes