Adding GoDaddy Intermediate Certificates to Java JDK
Recently we had an issue with one of our applications that was trying to post data via SSL to a provider that had their certificate signed by GoDaddy. It turns out the certificate was signed by their Intermediate CA. The JDK 1.6.0U24 we were using did not have these intermediate CAs in the local key store, so we were seeing the following error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I did some Googling and came up with a recipe for importing these certificates into the local store.
First you need to download the two intermediate certificates from GoDaddy. You can get them here: https://certs.godaddy.com/anonymous/repository.seam
The two you need are:
Go Daddy Secure Server Certificate (Cross Intermediate Certificate)
Go Daddy Secure Server Certificate (Intermediate Certificate)
Download these two files to a directory on your Linux server.
The following is a script you can run to import the intermediate certificates:
# import_gd.sh: add both Go Daddy intermediate certificates as trusted entries in the JDK's cacerts store
"$JAVA_HOME/bin/keytool" -import -alias cross -file ./gd_cross_intermediate.crt -storepass changeit -trustcacerts -keystore "$JAVA_HOME/jre/lib/security/cacerts"
"$JAVA_HOME/bin/keytool" -import -alias root -file ./gd_intermediate.crt -storepass changeit -trustcacerts -keystore "$JAVA_HOME/jre/lib/security/cacerts"
I ran it here:
[root@webserver]# sh ./import_gd.sh
Certificate was added to keystore
Certificate was added to keystore
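Anything imported into cacerts is trusted by every application running on that JDK, so it is worth checking each downloaded file before the import. The following is an added example, not part of the original post: normalize_fp, fp_matches, cert_fp and verified_import are hypothetical helper names, the openssl command-line tool is assumed to be installed, and EXPECTED_FP is a placeholder for a SHA-256 fingerprint obtained from a source independent of the download.

```shell
#!/bin/sh
# Added example (not from the original post): import a CA certificate into
# the JDK trust store only if its SHA-256 fingerprint matches a pinned value.

# normalize_fp VALUE: drop any "label=" prefix, colons and whitespace,
# then upper-case the hex digits.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# fp_matches ACTUAL EXPECTED: succeed only when EXPECTED is a well-formed
# 64-hex-digit SHA-256 value and ACTUAL equals it after normalization.
fp_matches() {
    actual_fp=$(normalize_fp "$1")
    expected_fp=$(normalize_fp "$2")
    case "$expected_fp" in
        ''|*[!0-9A-F]*) return 1 ;;   # empty or non-hex pin: refuse
    esac
    [ "${#expected_fp}" -eq 64 ] && [ "$actual_fp" = "$expected_fp" ]
}

# cert_fp FILE: print the certificate's SHA-256 fingerprint (PEM, then DER).
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null ||
        openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256
}

# verified_import ALIAS FILE EXPECTED_FP: same keytool call as the post's
# script, run only after the fingerprint check passes.
verified_import() {
    file_fp=$(cert_fp "$2") || { echo "cannot parse $2" >&2; return 2; }
    if ! fp_matches "$file_fp" "$3"; then
        echo "fingerprint mismatch for $2, not importing" >&2
        return 1
    fi
    "$JAVA_HOME/bin/keytool" -import -alias "$1" -file "$2" \
        -storepass changeit -trustcacerts \
        -keystore "$JAVA_HOME/jre/lib/security/cacerts"
}

# Usage (EXPECTED_FP is a placeholder; obtain the real value out of band):
#   verified_import cross ./gd_cross_intermediate.crt "$EXPECTED_FP"
```

A mismatch or an unparsable file leaves the keystore untouched and returns a non-zero status, so the function can gate an automated provisioning step.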