Import Java HTTPS Certificates

If you use Java JDK 1.8.0_181 or higher, you can skip this step.

Java's built-in certificate validation prevents an instance from connecting over HTTPS to a server whose certificate it does not trust. To allow your IM instance to connect to the Pricefx API, e.g. at the URL https://pricefx.eu/pricefx, you need to import the Pricefx certificate into your Java cacerts file. If you do not provide a proper certificate, the following Java exception is thrown:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


To install the certificate, follow these steps:

  1. Download the certificate using the following Linux command:

    echo -n | openssl s_client -connect pricefx.eu:443 | \
       sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > pricefx_eu.crt
    


  2. Check the generated file pricefx_eu.crt. Its content should be identical or similar to this:

    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    


    Then check if the certificate information is valid:

    openssl x509 -in ./pricefx_eu.crt -text
    


  3. Use Java keytool to import the certificate to the Java instance:

    sudo keytool -importcert -file ./pricefx_eu.crt -alias pricefx_eu -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
    

    Note that changeit is the default password of every Java cacerts keystore. If you have changed it (and you should), you have to provide the proper password.

  4. Use the following Java snippet to check if the certificate was imported successfully and if Java can connect to the server:

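    import java.io.InputStream;
    import java.net.URL;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLSocketFactory;

    // Place the statements below in a method that declares "throws Exception".
    SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault(); // uses the default trust store (cacerts)
    URL url = new URL("https://pricefx.eu");
    HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
    conn.setSSLSocketFactory(sslsocketfactory);
    InputStream inputstream = conn.getInputStream(); // if not imported successfully, this will cause javax.net.ssl.SSLHandshakeException
    inputstream.close();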
    


If you use multiple Java instances and versions, always make sure you use the keytool from the proper instance, absolute paths in the commands, etc. Also, the certificate should be imported into the JRE under the JDK folder.
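
The certificate in step 1 is downloaded over the very connection Java cannot yet authenticate, so the check in step 2 should compare it with a fingerprint obtained through a separate trusted channel before step 3 adds it to cacerts. The following is an added example, not part of the original page, of such a gate; the function names and the expected-fingerprint argument are assumptions.

```shell
#!/bin/sh
# Added example: gate the keytool import (step 3) on an out-of-band
# fingerprint match. Function names are hypothetical.

# Print the SHA-256 fingerprint of a PEM certificate (colon-separated hex).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Normalise a fingerprint for comparison: drop colons/spaces, upper-case hex.
normalise_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'abcdef' 'ABCDEF'
}

# cert_precheck FILE EXPECTED_FP
# Returns 0 only if FILE parses as an X.509 certificate, has not expired, and
# its SHA-256 fingerprint equals EXPECTED_FP (assumed to have been obtained
# from the certificate owner through a separate trusted channel).
# Return codes: 1 = not a certificate, 2 = expired, 3 = fingerprint mismatch.
cert_precheck() {
    file=$1
    expected=$2
    openssl x509 -in "$file" -noout 2>/dev/null ||
        { echo "not a PEM certificate: $file" >&2; return 1; }
    openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired: $file" >&2; return 2; }
    actual=$(normalise_fp "$(cert_fingerprint "$file")")
    if [ -z "$actual" ] || [ "$actual" != "$(normalise_fp "$expected")" ]; then
        echo "fingerprint mismatch, got: $actual" >&2
        return 3
    fi
    return 0
}

# Stand-alone use: sh precheck.sh ./pricefx_eu.crt "<expected fingerprint>"
# Run the keytool command from step 3 only when this exits with status 0.
if [ "$#" -eq 2 ]; then
    cert_precheck "$1" "$2"
fi
```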