This chapter provides a short instruction, how to import a missing server certificate to the Java truststore (cacerts file).
A server certificate might be missing in the truststore if, e.g. a WMS service will not be displayed in the WebOffice 10.9 clients and the following notification shows up in the log:
caused by unable to find valid certification path to requested target
1. Therefore, take the following steps in your browser to identify the missing certificate.
a. If you are using Internet Explorer open the respective web site in the browser where the server certificate is missing. Click the lock symbol to identify the Certification Path. Open Internet Options, click the tab Content, then Certificates, select the certificate to be exported and click Export. After the Certificate Export Wizard opened automatically, click the first option, then Next and define the name of the file you want to export.
Identify the certification path
Export certificate in the Internet Explorer
Choose the export file format
b. Take the following steps if you are using Mozilla Firefox: Open the respective web site in the browser where the server certificate is missing. Open the certificate with a click on the lock symbol and press More Information... In the new window click View Certificate > Details, select the certificate and click Export... then save the .crt file.
Export certificate in Firefox
2. In the next step install the tool KeyStore Explorer: http://keystore-explorer.sourceforge.net
3. In the KeyStore Explorer open the cacerts file (e.g. find it under /java_home/jre/lib/security/cacerts -> with password „changeit“)
4. Press the button Import trusted Certificate and import the previously exported .crt file, then save the cacerts. Now the missing certificate is in the truststore.
Import certificate in the truststore
Imported certificate in the truststore
An alternative way to add a certificate in the Java Truststore is by using the Windows command prompt.
For this the following command line must be used:
..\..\bin\keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias yourAliasName -file path\to\certificate.cer
Example for adding a certificate in Java Truststore by using command prompt
Important Note: In case there are multiple Java environments (JREs, JDKs, Java6, Java7,...) on the machine, it has to be ensured that the respective certificate was imported to the correct truststore since there are as many truststores as java installations.
In order to check this, go to SynAdmin > tab "System" and consider the parameter "java.home". Afterwards, verify in the KeyStore Explorer whether the certificate is available in the respective truststore.
java.home: C:\Program Files\Java\jdk1.7.0_51\jre
corresponding truststore: C:\Program Files\Java\jdk1.7.0_51\jre\lib\security\cacerts
Article is closed for comments.