I’m posting this mostly because I do it infrequently enough that I have to remember again each time I do.
If you get a bind error when trying to connect to an SSL-protected resource in Java, it may be because the server is using an unrecognized certificate or certificate authority. Generally it’s a self-signed certificate, but in my case, I use an LDAP server whose commercial certificate is signed by a CA that is not trusted by default in the JRE.
So here’s the fix:
Get InstallCert.java
Download this small standalone program: InstallCert.java
In case that link is unavailable, the original source is widely available. Click here to google it.
Run it
Drop it in Eclipse and go, or use the following commands to compile and run it manually:
javac InstallCert.java
java InstallCert <host>[:port] [passphrase]
# My example looks like this:
java InstallCert ldap.mycompany.com:636
You should be presented with information about the certificate it finds on the server. Answer the prompt to save the certificate.
The program will exit, and you’ll have a new file in the current directory called “jssecacerts”.
Install the jssecacerts file
Now you need to copy this file to:
$JAVA_HOME/lib/security/
If you’re on a Mac, fear not if $JAVA_HOME is undefined. You can find it by running this program:
/usr/libexec/java_home
Even better, put the following line into your ~/.bash_profile for next time:
export JAVA_HOME=$(/usr/libexec/java_home)
With that done it’s a simple matter of moving the file:
sudo cp jssecacerts $JAVA_HOME/lib/security/jssecacerts
Now re-try your failed connection, and you should be able to connect.
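InstallCert saves whatever certificate the server presented at the moment you ran it, so it is worth confirming what was added before copying jssecacerts into place. The following is an added example, not part of the original post or of InstallCert: it prints the certificates that are in jssecacerts but not in the JRE's default cacerts, with SHA-256 fingerprints to compare against a value obtained from the server's administrator. The class name ListAddedCerts is hypothetical, and it assumes the default keystore password "changeit" and a cacerts file at lib/security/cacerts under the running JRE.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

// Added example (hypothetical class name): prints the certificates that are in
// jssecacerts but not in the JRE's default cacerts, with SHA-256 fingerprints.
public class ListAddedCerts {
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        return ks;
    }

    static String sha256(Certificate cert) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()))
            sb.append(sb.length() > 0 ? ":" : "").append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Assumptions: ./jssecacerts as written by InstallCert, and the default
        // keystore password "changeit" unless a passphrase is given as 2nd argument.
        String added = args.length > 0 ? args[0] : "jssecacerts";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        KeyStore base = load(System.getProperty("java.home") + "/lib/security/cacerts", pass);
        // Fingerprints of everything the JRE already trusts out of the box.
        Set<String> known = new HashSet<>();
        for (String alias : Collections.list(base.aliases()))
            if (base.isCertificateEntry(alias)) known.add(sha256(base.getCertificate(alias)));
        KeyStore ks = load(added, pass);
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate) || known.contains(sha256(c))) continue;
            X509Certificate x = (X509Certificate) c;
            System.out.println(alias + "\n  subject: " + x.getSubjectX500Principal()
                + "\n  issuer:  " + x.getIssuerX500Principal()
                + "\n  expires: " + x.getNotAfter()
                + "\n  sha256:  " + sha256(x));
        }
    }
}
```

Run it from the directory that holds jssecacerts, using the same JRE you intend to install the file into; anything listed beyond the one certificate you meant to trust is a reason to stop and investigate.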
Excellent article. Thank you!
What do we run it with if we are on a Mac?
Hi Adam, are you referring to the InstallCert.java program? I would use Eclipse (or your IDE of choice) to run it, assuming you have a development environment. If you don’t have an IDE but need to run the program, look above for instructions on compiling it and running it in a terminal window.