|Applies To||Keon Certificate Authority 6.5.1|
Java Runtime Environment 1.4.2
RSA Public Root Signing
|Issue||Unable to establish an SSL connection using java application with RSA Keon Certificate Authority 6.5.1|
Error: "javax.net.ssl.SSLHandshakeException: Could not find trusted certificate" in Java application when establishing server-side SSL connection to the HTTPS port of a Web site protected by a RSA root signing certificate
|Cause||The Valicert root certificate authority that signs the KCA root certificate is not currently listed as a default trusted root certification authority in the Sun Java cacerts trusted certificate store|
|Resolution||To correct this issue, add the certificate to the Java trusted certificate store using the Java keytool. For more information, see http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html.|
1. Export the Valicert certificate. Go to any browser (that trusts correctly) and from tools/options/certificates export the certificate to a file using the default export which is DER format (no private key) to a file called Valicert.cer
2. Transfer the certificate to the client machine
3. Run the following command line from the jre bin location:
<JAVA HOME>\jre\bin\keytool -import -alias KCA_Valicert -file Valicert.cer -keystore <JAVAHOME>\jre\lib\security\cacerts -trustcacerts.
4. When asked if you want to trust the certificate, answer "Y"
NOTE: When accessing the cacerts keystore file, you will be asked for a password. The default password is "changeme".
|Legacy Article ID||a22362|