Using a keystore in Java for self-signed SSL certificates

You may see the following error when working with domains that use a self-signed certificate:

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

In this case, take the following steps to make the Java program trust the given domain:

1. Get the SSL certificate for the domain:

openssl s_client -connect somedomain.com:443 > cert1.cert

2. Generate a Java keystore:

D:\runtime\jdk8u45x64\bin\keytool -import -v -trustcacerts -file cert1.cert -keystore cacerts1.jks -alias somealias -keypass "changeit" -storepass "changeit"

Type “yes” when prompted to accept the certificate.

3. Add JVM arguments to your program (the trustStore path must point to the keystore generated in step 2):

-Djavax.net.ssl.trustStore="D:\projects\my\cacerts3.jks"
-Djavax.net.ssl.trustStorePassword="changeit"

4. (Optional) debug arguments:

-Djava.security.debug=certpath
-Djavax.net.debug=trustmanager

The following Java arguments are also available (not useful in the case of self-signed certificates):

-Djavax.net.ssl.keyStore="D:\projects\my\cacerts3.jks"
-Djavax.net.ssl.keyStorePassword="changeit"
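
An added example, not from the original post: the JVM-wide arguments in step 3 replace the default trust store for every connection the program makes, so this sketch instead loads the keystore from step 2 into an SSLContext used for one connection, and prints the SHA-256 fingerprint of each trusted certificate so it can be compared with one obtained from the server's administrator. The class name ScopedTrustStore is hypothetical; the file name, password and host are the tutorial's placeholder values.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ScopedTrustStore {
    // Colon-separated SHA-256 fingerprint, the form keytool and browsers display.
    static String sha256(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the tutorial's placeholder values (assumptions, override via args).
        String storePath = args.length > 0 ? args[0] : "cacerts1.jks";
        char[] storePass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        String url = args.length > 2 ? args[2] : "https://somedomain.com/";
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(storePath)) {
            trustStore.load(in, storePass);
        }
        // Show what is about to be trusted, for out-of-band fingerprint comparison.
        for (String alias : Collections.list(trustStore.aliases())) {
            System.out.println(alias + "  SHA-256 " + sha256(trustStore.getCertificate(alias)));
        }
        // Trust managers built only from this keystore.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        // Apply to this connection only; the JVM default trust store stays in effect elsewhere.
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("HTTP " + conn.getResponseCode() + " from " + url);
        conn.disconnect();
    }
}
```

Hostname verification still runs, so the self-signed certificate's subject or subject alternative name has to match the host in the URL.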

Thanks to:
https://www.javacodegeeks.com/2014/07/java-keystore-tutorial.html
https://docs.oracle.com/cd/E29585_01/PlatformServices.61x/security/src/csec_ssl_jsp_start_server.html
http://stackoverflow.com/a/20190493
https://github.com/denimgroup/threadfix/wiki/Importing-Self-Signed-Certificates