Icalendar binding with self signed certificate: SunCertPathBuilderException


I switched my calendar to a locally hosted nextcloud which has a self signed certificate.
Now I get an PKIX path building failed Exception.

2023-01-08 04:03:54.006 [WARN ] [g.icalendar.internal.handler.PullJob] - Download of calendar failed with ExecutionException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I tried adding the self signed cert to my machine but of course java has it’s own certstore.
I’ve tried adding a .crt to the cacerts but get a warning Warning: use -cacerts option to access cacerts keystore.
Then I get asked for a keystore password. What do I enter, blank password is not accepted.

How can I add a certificate that is not a cacert?

Hi Sebastian,

i don’t had the situation yet, but @usambara did the trick with a command to import the certificate to the truststore:

EDIT: a self-signed certificate is always a CA, because only CA’s can sign certificates. Sounds a bit weird but x509 PKI works that way. The system CA collection is a collection of x509 public keys and their existence in the system or program is the trust.

Hi Michael,

thanks for your reply.
What have you entered as a keystore password? Empty password doesn’t work.

try: changeit
Worked for me and according to

is "By default, the JRE trust store password is “changeit”. "

1 Like