Hi, I recently set up a server using a self-signed certificate and I just cannot get it to work on Java. My process was to create a CA PEM and a key PEM and use them for TLS. With this, I’ve gotten Mongo Compass able to connect as well as a basic Python program. When I try to do the same thing in Java I constantly get this error:
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
Because it’s Java, I also had to remove the extra TLS stuff at the end of the URI and use trust and key stores to get it working, but it never ended up working. Below is my code:
    // Trust store: the CA certificates the JVM accepts as trust anchors
    System.setProperty("javax.net.ssl.trustStore","C:/Program Files/Java/jdk-21/lib/security/cacerts");
    System.setProperty("javax.net.ssl.trustStorePassword","changeit");
    // Key store: the client certificate and private key presented to the server
    System.setProperty("javax.net.ssl.keyStore", "C:/Program Files/Java/jdk-21/lib/security/mongodb.pkcs12");
    System.setProperty("javax.net.ssl.keyStorePassword","changeit");
    // Dumps every system property, including the store passwords set above
    System.out.println(System.getProperties());
    String connectionString = "<mongodb-uri>?tls=true";
    MongoClientSettings settings = MongoClientSettings.builder()
            .applyConnectionString(new ConnectionString(connectionString))
            .applyToSslSettings(builder -> {
                builder.enabled(true);
                // Turns off hostname verification of the server certificate
                builder.invalidHostNameAllowed(true);
            })
            .build();
    MongoClient client = MongoClients.create(settings);
To try to set up the trust store, I ran:
keytool -import -trustcacerts -file mongodbca.pem -keystore cacerts -storepass "changeit"
and for the key store I simply changed my pem file to a pkcs12 file with openssl with the following:
$ openssl pkcs12 -export -out mongodb.pkcs12 -in mongodbkey.pem
What is so strange to me is that it works with everything else except for Java, and unfortunately the only one I need it to work on is Java lol. If you have any ideas, that would be awesome.
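
One way to check what the two stores named in the post actually contain, as an added example that is not part of the original post: it looks up the CA certificate in the trust store the JVM is pointed at and counts the private-key entries in the PKCS12 key store. The class name `StoreCheck` is hypothetical, and it assumes `mongodbca.pem` is in the working directory and both stores use the password from the post.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name). Paths and passwords are the ones
// used in the post; run it from the directory that holds mongodbca.pem.
public class StoreCheck {

    // Returns the alias under which caPem is stored in the trust store, or null.
    static String findCaAlias(File trustStore, char[] password, File caPem) throws Exception {
        KeyStore ts = KeyStore.getInstance(trustStore, password); // detects JKS or PKCS12
        try (InputStream in = new FileInputStream(caPem)) {
            X509Certificate ca = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println("CA subject: " + ca.getSubjectX500Principal());
            return ts.getCertificateAlias(ca);
        }
    }

    // Counts entries that hold a private key together with a certificate chain.
    static int countKeyEntries(File keyStore, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(keyStore, password);
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias) && ks.getCertificateChain(alias) != null) n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        String dir = "C:/Program Files/Java/jdk-21/lib/security/";
        char[] pw = "changeit".toCharArray();
        String alias = findCaAlias(new File(dir + "cacerts"), pw, new File("mongodbca.pem"));
        System.out.println(alias == null
                ? "CA is NOT in the trust store the JVM is pointed at"
                : "CA found in trust store under alias: " + alias);
        System.out.println("Key entries in mongodb.pkcs12: "
                + countKeyEntries(new File(dir + "mongodb.pkcs12"), pw));
    }
}
```

`keytool -keystore cacerts` resolves the file name relative to the current directory, so a missing alias here can mean the import went into a different file than the one named in `javax.net.ssl.trustStore`.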