Skip to content

Instantly share code, notes, and snippets.

@matiasah
Created January 14, 2022 18:57
Embed
What would you like to do?
Fix PKIX exception in Java

How to fix PKIX exception in Java

Import the site's certificate into the cacerts.

Without proxy Java 11:

%JAVA11_HOME%/bin/keytool -delete -noprompt -alias <site> -storepass changeit -cacerts
%JAVA11_HOME%/bin/keytool -printcert -rfc -sslserver <site>:443 > %CERT_PATH%/<site>.pem
%JAVA11_HOME%/bin/keytool -importcert -file %CERT_PATH%/<site>.pem -alias <site> -storepass changeit -cacerts -noprompt

Without proxy Java 8:

%JAVA8_HOME%/bin/keytool -delete -noprompt -alias <site> -storepass changeit -trustcacerts
%JAVA8_HOME%/bin/keytool -printcert -rfc -sslserver <site>:443 > %CERT_PATH%/<site>.pem
%JAVA8_HOME%/bin/keytool -importcert -file %CERT_PATH%/<site>.pem -alias <site> -storepass changeit -trustcacerts -noprompt

With proxy Java 11:

%JAVA11_HOME%/bin/keytool -delete -noprompt -alias proxy-<site> -storepass changeit -cacerts
%JAVA11_HOME%/bin/keytool -J-Dhttps.proxyHost=<PROXY HOST> -J-Dhttps.proxyPort=<PROXY PORT> -printcert -rfc -sslserver <site>:443 > %CERT_PATH%/proxy-<site>.pem
%JAVA11_HOME%/bin/keytool -importcert -file %CERT_PATH%/proxy-<site>.pem -alias proxy-<site> -storepass changeit -cacerts -noprompt

With proxy Java 8:

%JAVA11_HOME%/bin/keytool -delete -noprompt -alias proxy-<site> -storepass changeit -trustcacerts
%JAVA11_HOME%/bin/keytool -J-Dhttps.proxyHost=<PROXY HOST> -J-Dhttps.proxyPort=<PROXY PORT> -printcert -rfc -sslserver <site>:443 > %CERT_PATH%/proxy-<site>.pem
%JAVA11_HOME%/bin/keytool -importcert -file %CERT_PATH%/proxy-<site>.pem -alias proxy-<site> -storepass changeit -trustcacerts -noprompt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment