Posted by: peteinman | October 15, 2010

Updating Root Certificate Authorities–J2EE JDK

I had a problem I hadn’t encountered before in a J2EE environment. I had in the windows world and it was to to with trusted root authorities and certificates.

From one of our OSB proxy services, we were receiving the following message. This occurred after the server system we were communicating with updated their certificates.

General runtime error: [Security:090477]Certificate chain received from – 99.9.999.999 was not trusted causing SSL handshake failure.


I have had this with IE clients connecting to our system after we did the same thing, and a patch from Microsoft or the certificate suppliers sorted it.

I’d not encountered it in the J2EE world as we only communicate with one system via https, so was a little puzzled at first on what to do.

These are the steps I went through to solve it:

1) Download the certificate as a PEM file, then change to jre\lib\security and update the database “cacerts” which is the database of trusted authorities with this command.

keytool -keystore cacerts -storepass changeit -importcert -file mycert.pem –v

Probably easy if you’re used to working with certificates, but if you’re not…..



  1. and what, pray, is the meaning of this new word? is it meant to be taken literally? balled-up-socks? socks for balls? or is there some profound meanin Click

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


%d bloggers like this: