Skip to content

Instantly share code, notes, and snippets.

@matiasah
Created Jan 14, 2022
Embed
What would you like to do?
Fix PKIX exception in Java

How to fix PKIX exception in Java

Import the site's certificate into the cacerts.

Without proxy Java 11:

%JAVA11_HOME%/bin/keytool -delete -noprompt -alias <site> -storepass changeit -cacerts
%JAVA11_HOME%/bin/keytool -printcert -rfc -sslserver <site>:443 > %CERT_PATH%/<site>.pem
%JAVA11_HOME%/bin/keytool -importcert -file %CERT_PATH%/<site>.pem -alias <site> -storepass changeit -cacerts -noprompt

Without proxy Java 8:

%JAVA8_HOME%/bin/keytool -delete -noprompt -alias <site> -storepass changeit -trustcacerts
%JAVA8_HOME%/bin/keytool -printcert -rfc -sslserver <site>:443 > %CERT_PATH%/<site>.pem
%JAVA8_HOME%/bin/keytool -importcert -file %CERT_PATH%/<site>.pem -alias <site> -storepass changeit -trustcacerts -noprompt

With proxy Java 11:

%JAVA11_HOME%/bin/keytool -delete -noprompt -alias proxy-<site> -storepass changeit -cacerts
%JAVA11_HOME%/bin/keytool -J-Dhttps.proxyHost=<PROXY HOST> -J-Dhttps.proxyPort=<PROXY PORT> -printcert -rfc -sslserver <site>:443 > %CERT_PATH%/proxy-<site>.pem
%JAVA11_HOME%/bin/keytool -importcert -file %CERT_PATH%/proxy-<site>.pem -alias proxy-<site> -storepass changeit -cacerts -noprompt

With proxy Java 8:

%JAVA11_HOME%/bin/keytool -delete -noprompt -alias proxy-<site> -storepass changeit -trustcacerts
%JAVA11_HOME%/bin/keytool -J-Dhttps.proxyHost=<PROXY HOST> -J-Dhttps.proxyPort=<PROXY PORT> -printcert -rfc -sslserver <site>:443 > %CERT_PATH%/proxy-<site>.pem
%JAVA11_HOME%/bin/keytool -importcert -file %CERT_PATH%/proxy-<site>.pem -alias proxy-<site> -storepass changeit -trustcacerts -noprompt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment