How to verify a certificate has been loaded into the Java keystore

Document created by mike_aronson (Employee) on Nov 12, 2014. Last modified by mike_aronson (Employee) on Dec 14, 2016. Version 4.
You need to verify that a certificate was correctly loaded into the atom's Java keystore.


For example, you may be getting an error such as the one below and would like to search the keystore to see if your certificate is loaded:


Caused by: PKIX path building failed: unable to find valid certification path to requested target
Log onto the machines that are hosting the atom, molecule or cloud nodes.


Go to the atom installation folder and go into the .install4j folder.  Open the pref_jre.cfg file (or inst_jre.cfg file if the first file does not exist) in a text editor.


This file will contain a Java path, for example: C:\program files\java\jre8
While logged on to the atom machine (or the first molecule/cloud node machine), start a command prompt as administrator and change directory to the bin/ folder under the Java path, for example:


C:\program files\java\jre8\bin


Run this command:


keytool -list -v -keystore ..\lib\security\cacerts > outputfile.txt


Open bin/outputfile.txt in an editor and search for the certificate.


If it does not exist, copy the certificate file to the lib/security folder under the Java path and run this command to import the certificate:
keytool -import -file ..\lib\security\certificatename -keystore ..\lib\security\cacerts


Go through the prompts to import the certificate.  If necessary, add -alias aliasname to the command above, change the password (using changeit), and enter yes to trust the cert if prompted.


Run this command again:


keytool -list -v -keystore ..\lib\security\cacerts > outputfile.txt


Search outputfile.txt for the certificate and verify that it was added.

If using a molecule or cloud, repeat the above steps for each machine hosting each node.
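The search of outputfile.txt described above can be done by SHA-256 fingerprint instead of by eye, which avoids being misled by two certificates with similar names. The script below is an added example, not part of the original document or of Boomi's tooling: it parses `keytool -list -v` output and reports which aliases carry a given fingerprint (obtainable from the certificate file with `keytool -printcert -file certificatename`). The function names are hypothetical and the sample listing is constructed.

```python
import re

def normalize(fp):
    """Strip separators so 'ab:cd', 'AB CD' and 'ABCD' compare equal."""
    return re.sub(r"[^0-9A-Fa-f]", "", fp).upper()

def parse_listing(text):
    """Split `keytool -list -v` output into one record per alias."""
    entries, cur = [], None
    for raw in text.splitlines():
        key, _, value = raw.strip().partition(":")
        if key == "Alias name":
            cur = {"alias": value.strip(), "owners": [], "sha256": set()}
            entries.append(cur)
        elif cur is None:
            continue  # keystore header lines before the first entry
        elif key == "Owner":
            cur["owners"].append(value.strip())
        elif key == "SHA256":
            cur["sha256"].add(normalize(value))
    return entries

def aliases_with_fingerprint(entries, fingerprint):
    """Aliases whose certificate (or chain) carries this SHA-256 fingerprint."""
    want = normalize(fingerprint)
    return [e["alias"] for e in entries if want in e["sha256"]]

# Constructed sample input: aliases, owners and fingerprints are made up.
FP_A = ":".join("%02X" % i for i in range(32))
FP_B = ":".join("%02X" % (255 - i) for i in range(32))
SAMPLE = f"""Keystore type: JKS

Alias name: examplerootca
Entry type: trustedCertEntry
Owner: CN=Example Root CA, O=Example Corp, C=US
Certificate fingerprints:
\t SHA256: {FP_A}

Alias name: partner-endpoint
Entry type: trustedCertEntry
Owner: CN=api.partner.example, O=Partner, C=US
Certificate fingerprints:
\t SHA256: {FP_B}
"""

if __name__ == "__main__":
    entries = parse_listing(SAMPLE)
    print(aliases_with_fingerprint(entries, FP_B.lower().replace(":", "")))
```

To use it on a real atom, read outputfile.txt into a string and pass that to parse_listing in place of SAMPLE; an empty result means the certificate is not in that keystore.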