000026023 - Unable to establish an SSL connection using java application with RSA Keon Certificate Authority 6.5.1

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000026023
Applies ToKeon Certificate Authority 6.5.1
Java Runtime Environment 1.4.2

RSA Public Root Signing
IssueUnable to establish an SSL connection using java application with RSA Keon Certificate Authority 6.5.1
Error: "javax.net.ssl.SSLHandshakeException: Could not find trusted certificate" in Java application when establishing server-side SSL connection to the HTTPS port of a Web site protected by a RSA root signing certificate
CauseThe Valicert root certificate authority that signs the KCA root certificate is not currently listed as a default trusted root certification authority in the Sun Java cacerts trusted certificate store
ResolutionTo correct this issue, add the certificate to the Java trusted certificate store using the Java keytool. For more information, see http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html.

1. Export the Valicert certificate. Go to any browser (that trusts correctly) and from tools/options/certificates export the certificate to a file using the default export which is DER format (no private key) to a file called Valicert.cer

2. Transfer the certificate to the client machine

3. Run the following command line from the jre bin location:

    <JAVA HOME>\jre\bin\keytool -import -alias KCA_Valicert -file Valicert.cer -keystore <JAVAHOME>\jre\lib\security\cacerts -trustcacerts.

4. When asked if you want to trust the certificate, answer "Y"

NOTE: When accessing the cacerts keystore file, you will be asked for a password. The default password is "changeme".
Legacy Article IDa22362

Attachments

    Outcomes