Question

Problem:

I'm getting a thrown error from javax.net.ssl.SSLHandshakeException (see attached picture)

Is it possible for Java to have a corrupt or missing CA cert? If so how can I repair or resolve this issue/error?

Things I've Tried:

  1. I have removed all versions of JRE from the PC and installed the latest version of JRE (1.6.14).
  2. Cleaned and removed all unnecessary Trusted Certs from the User section of Certificates.
  3. Tried running keytool to get the fingerprints of the CAs.

When trying to run the keytool I'm getting the following:

keytool error: java.security.cert.CertificateParsingException: java.io.IOException: subject key, java.security.spec.InvalidKeySpecException: Unknown key spec.

Solution

It is theoretically possible, but IMO highly unlikely, that Java has a corrupt CA cert. It is more likely that the CA cert you want is not in the JRE's cacerts store. You can check on the contents of the store (on Linux at least) using 'keytool'; e.g.

keytool -list -keystore /usr/java/jdk1.6.0_14/jre/lib/security/cacerts

Scan through that listing to see if you can see the fingerprint for the CAcert that your URL requires.

Reference: the JDK 6.0 JDK Development Tools / Security Tools page/section.
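
The scan described in the answer can also be done programmatically. The following is an added example, not part of the original answer: it loads the running JRE's cacerts store and reports whether a given fingerprint is present, comparing against MD5, SHA-1 and SHA-256 digests so the value can be pasted in whichever form a tool displayed it. The class name FindCaFingerprint is hypothetical, and the store path and the stock password "changeit" are assumptions about an unmodified JRE.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Enumeration;

public class FindCaFingerprint {
    // Hex digest of the DER-encoded certificate, without separators.
    static String fingerprint(Certificate cert, String algorithm) throws Exception {
        byte[] digest = MessageDigest.getInstance(algorithm).digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            hex.append(String.format("%02X", b));
        }
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java FindCaFingerprint <fingerprint>");
            System.exit(2);
        }
        // Accept "AA:BB:..." or "aabb..." by keeping only the hex digits.
        String wanted = args[0].replaceAll("[^0-9A-Fa-f]", "").toUpperCase();
        // Assumptions: default store location and the stock password "changeit".
        String path = System.getProperty("java.home") + "/lib/security/cacerts";
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(path);
        try {
            store.load(in, "changeit".toCharArray());
        } finally {
            in.close();
        }
        boolean found = false;
        for (Enumeration<String> e = store.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            Certificate cert = store.getCertificate(alias);
            if (cert == null) continue;
            for (String alg : new String[] {"MD5", "SHA-1", "SHA-256"}) {
                if (fingerprint(cert, alg).equals(wanted)) {
                    System.out.println("found: alias '" + alias + "' (" + alg + ")");
                    found = true;
                }
            }
        }
        if (!found) System.out.println("not in " + path + " (" + store.size() + " entries)");
    }
}
```

Run it with the same JRE the failing application uses, since each installation carries its own cacerts file.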

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow