Manage Keystore Certs

In development environments it’s common enough to come across self assigned certs which can cause all sorts of problems when calling out to APIs.

Here’s a common error you will see for a self assigned cert in in Java:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

There’s a lot of information out there on in code work arounds but this means writing code that opens you up to man in the middle attacks.

So, what to do? You can import the self assigned cert. All the APIs I’ve dealt use HTTP and this means you can use a browser to download the cert.

All guides will have you using command line or terminal to import the certs, fortunately there is a really handy GUI based tool called KeyStore Explorer that lets you create your own keystore or better yet, open existing ones.

This means for me in Java I can browse to my cacerts keystore (default password is changeit) and can import self assigned certs that will get around my SSLHandshakeException.

Sources: