I’ve just hit this issue my self. Whilst beta testing I found maven wouldn’t accept the cert (I have proxied Nexus on a whitelisted domain) & maven was failing with:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The temporary solution (until Oracle adds it to the JDK) was to use the following to manually add the certificate chain to the JDK:
Presuming:
- JAVA_HOME is the location of the JDK, i.e. for me it’s /usr/local/java/jdk1.8.0_66
- chain.pem is the certificate chain from lets-encrypt
The following command will add it to the local JDK:
keytool -trustcacerts \
-keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit \
-noprompt -importcert -file chain.pem
Peter