Home > Linux > Adding GoDaddy Intermediate Certificates to Java JDK

Adding GoDaddy Intermediate Certificates to Java JDK

March 16th, 2011

Recently we had an issue with one of our applications that was trying to post data via SSL to a provider that had their certificate signed by GoDaddy. It turns out the certificate was signed by their Intermediate CA. The JDK 1.6.0U24 we were using did not have these intermediate CA’s in the local key store, so we were seeing the following error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I did some Googling and came up with a recipe to importing these certificates into the local store.

First you need to download the two intermediate certificates from GoDaddy. You can get them here:https://certs.godaddy.com/anonymous/repository.seam

The two you need are:

gd_cross_intermediate.crt
Go Daddy Secure Server Certificate (Cross Intermediate Certificate)

gd_intermediate.crt
Go Daddy Secure Server Certificate (Intermediate Certificate)

Download these two files to a directory on your Linux server.

The following is a script you can run to import the intermediate certificates:
import_gd.sh

export JAVA_HOME=/usr/java/default
$JAVA_HOME/bin/keytool -import -alias cross -file ./gd_cross_intermediate.crt -storepass changeit -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts
$JAVA_HOME/bin/keytool -import -alias root -file ./gd_intermediate.crt -storepass changeit -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts

I ran it here:

sh ./import_gd.sh
[root@webserver]# sh ./import_gd.sh
Certificate was added to keystore
Certificate was added to keystore

Categories: Linux Tags: , , ,