I’m back on some Java coding after a fair time away and was getting the old PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException error.

Basically Java is complaining that it didn’t recognise the HTTPS SSL certificate of the maven repository (in this case one hosted in Artifactory). Here’s the steps to resolve this….

Note: Instructions are on Windows using Chrome, but should be similar in different browsers.

• Open the HTTPS repository in Chrome (or preferred web browser)
• Use the dev tools (ctrl+shift+i) and select the Security tab
• Click on the View certificate button
• Select the Details tab
• Click the Copy to file… button
• Click Next until you see the format selector, I used DER format
• Click Next etc. and save the exported cert to your hard drive

Let’s assume we saved the file as mycert.cer, now we need to import this into the cacert using the keytool…

• Go to the location of the JDK/JRE you’re using, for example C:\Program Files\Java\jdk1.8.0_101\jre\lib\security
• Open a command prompt and type

  keytool -import -alias mycert -keystore "C:\Program Files\Java\jdk1.8.0_101\jre\lib\security\cacerts" -file mycert.cer
  

  Replace the first occurence of mycert with a unique name (key) for your certificate and then obviously the mycert.cer is replaced with the name of the certificate file you saved.

• You’ll be asked for a password, the default is changeit obviously if this has been changed then use that
• Type yes when prompted if you want to proceed

That’s it – the certificate should now be available to Java.