
How to Download Whole Certificate Chain From A Remote Host and Import to a Trust Store

Publication date: Mar 2, 2024

CONTENTS

This article is useful if you want to download all certificates (the whole certificate chain) from a remote host and import them into a trust store. It also applies if you are getting the error below, which suggests that your trust store does not have the right certificates and that you need to download the right ones.

org.mule.extension.ldap.internal.exception.LDAPException: org.mule.extension.ldap.internal.exception.LDAPException: CONNECTIVITY: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

STEPS TO FOLLOW

Here is the openssl command to download all certs to your current working directory (replace www.google.com with your target remote host):
openssl s_client -showcerts -verify 5 -connect www.google.com:443 < /dev/null | awk '/BEGIN/,/END/{ if(/BEGIN/){a++}; out="cert"a".pem"; print >out}'

Afterwards, you should see files named cert1.pem, cert2.pem, and so on in your current working directory, one per certificate in the chain.

To import the above files into a trust store (whether the JDK cacerts trust store or your own custom one), run the following command once for each certificate file.
In the example below, replace "$JAVA_HOME/jre/lib/security/cacerts" with the path to your trust store file, and replace the aliases "alias-test1" and "alias-test2" with any names you choose:
keytool -importcert -file cert1.pem -keystore $JAVA_HOME/jre/lib/security/cacerts -alias "alias-test1" -deststoretype JKS

keytool -importcert -file cert2.pem -keystore $JAVA_HOME/jre/lib/security/cacerts -alias "alias-test2" -deststoretype JKS
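
Certificates fetched this way come from the same connection you are about to trust, so it is worth inspecting them before running keytool. The script below is an added example, not part of the original article: it lists each cert*.pem with its subject, issuer, expiry and SHA-256 fingerprint, and compares a file against a fingerprint obtained out of band. The function names are hypothetical, and the expected fingerprint is assumed to come from your CA or the host's owner.

```bash
#!/usr/bin/env bash
# Added example (not from the article): review cert*.pem files before import.

# SHA-256 fingerprint of one PEM certificate, e.g. AB:CD:...
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# "self-signed" when subject equals issuer (typically a root CA), else "issued".
cert_kind() {
    local subject issuer
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject=//')
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer=//')
    if [ "$subject" = "$issuer" ]; then echo "self-signed"; else echo "issued"; fi
}

# Succeeds only if the file's fingerprint equals the expected one.
# Assumption: $2 was obtained out of band, not from the same connection.
verify_pinned() {
    local actual expected
    actual=$(cert_fingerprint "$1" | tr -d ':' | tr 'a-f' 'A-F')
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# One summary line per cert*.pem in a directory, followed by its details.
review_chain() {
    local dir="${1:-.}" f
    for f in "$dir"/cert*.pem; do
        [ -e "$f" ] || continue
        printf '%s\t%s\t%s\n' "$(basename "$f")" "$(cert_kind "$f")" "$(cert_fingerprint "$f")"
        openssl x509 -in "$f" -noout -subject -issuer -enddate | sed 's/^/    /'
    done
}

# Typical use after the openssl/awk step:
#   review_chain .
#   verify_pinned cert2.pem "<fingerprint from your CA or host owner>" &&
#     keytool -importcert -file cert2.pem -keystore /path/to/truststore -alias "alias-test2"
```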

 
Knowledge article number

001115764

 