I wrote a web service client and now fail to get it to run over HTTPS, although I imported the cert.pfx (alias=cert) into Java's cacerts and successfully added an entry with the cert's alias.
Still I can't use the wsimport prompt on the WSDL URL. It says: PKIX path building failed unable to find valid certification path to requested target. Well, okay. So I researched a bit and tried setting it with
setlocal
set _JAVA_OPTIONS=%_JAVA_OPTIONS% -Djavax.net.ssl.trustStore="C:\Program Files\Java\jdk1.7.0_79\jre\lib\security\cacerts" -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.keyStoreType=PKCS12 -Djavax.net.ssl.keyStorePassword=xxxxxxxxx -Djavax.net.ssl.keyStore="d:\cert.pfx"
"C:\Program Files\Java\jdk1.7.0_79\bin\wsimport" -s C:\Users\me\keystore\bin\s -keep https://service.xxxxxxxxxxx.de/xxxxxxxxxxxxTest?wsdl
endlocal
without success.
I also tried exporting the certificate out of the cert.pfx file and then importing the certificate into cacerts via keytool -exportcert and keytool -importcert. Later I tried exporting the certificates from my browser (because my browser handles the certificates just fine and can access the HTTPS URL). I exported the root certificate into a root.cer file and imported this .cer into my cacerts (I had to use a different alias than cert. With cert as alias I got a "Keys not matching" message in the console when using the keytool prompt).
A dump on cacerts shows that there is indeed an entry in cacerts. I don't get why Java refuses to do a wsimport on the URL.
In the end I just downloaded the URL destination onto my machine and did the wsimport on the downloaded .xml file and later changed the URL parameters in the generated stubs. That doesn't help though, because when I run the application I'm running into the "PKIX...unable to find valid certification path to requested target" error.
You also need to import the *.der certificate to your keystore before trying to modify the JVM options.
Here's an overall summary of how to import certificates to fix the following error:
How to import certificates
.der
Import all *.der files into the cacerts file using the following:
The default keystore password is 'changeit'.
You can view the change that you made with this command that shows the Certificate fingerprint.
If this doesn't solve the problem, try adding these java options as arguments:
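A diagnostic for the situation in this thread, added here as an example and not code from the question or the answer: it prints which trust store the running JVM resolves (the `javax.net.ssl.trustStore` property, else `jssecacerts`, else `cacerts` under `java.home`), lists its entries with SHA-256 fingerprints, and, given a certificate file exported from the browser, reports whether that store accepts it. The class name `TrustCheck` and the file argument are assumptions.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.*;
import java.util.Collections;
import javax.net.ssl.*;

// Added example (hypothetical class name). Usage: java TrustCheck [exported-cert.der|.pem]
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        // Resolve the trust store the way JSSE does by default:
        // -Djavax.net.ssl.trustStore, else jssecacerts, else cacerts of the running JRE.
        String sec = System.getProperty("java.home") + File.separator + "lib" + File.separator + "security" + File.separator;
        String path = System.getProperty("javax.net.ssl.trustStore");
        if (path == null) path = new File(sec + "jssecacerts").exists() ? sec + "jssecacerts" : sec + "cacerts";
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        char[] pass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit").toCharArray();
        System.out.println("java.home   = " + System.getProperty("java.home"));
        System.out.println("trust store = " + path + " (" + type + ")");
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pass); }
        // One line per entry: entry kind, alias, SHA-256 fingerprint, subject.
        for (String alias : Collections.list(ks.aliases())) {
            if (!(ks.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate c = (X509Certificate) ks.getCertificate(alias);
            System.out.println((ks.isKeyEntry(alias) ? "PrivateKeyEntry  " : "trustedCertEntry ")
                    + alias + "  " + sha256(c) + "  " + c.getSubjectX500Principal());
        }
        if (args.length == 0) return;
        // Validate the certificate(s) exported from the browser (DER or PEM, leaf first).
        X509Certificate[] chain;
        try (InputStream in = new FileInputStream(args[0])) {
            chain = CertificateFactory.getInstance("X.509").generateCertificates(in).toArray(new X509Certificate[0]);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        try {
            ((X509TrustManager) tmf.getTrustManagers()[0]).checkServerTrusted(chain, "RSA");
            System.out.println("chain in " + args[0] + " is trusted by this store");
        } catch (CertificateException e) {
            System.out.println("NOT trusted: " + e.getMessage());
        }
    }

    static String sha256(X509Certificate c) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(c.getEncoded())) sb.append(String.format("%02X", b));
        return sb.toString();
    }
}
```

Run it with the same java binary and the same -D options as the failing application, since each JRE or JDK installation carries its own cacerts file.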