How to configure trustStore for javax.net.ssl.trustStore on windows?

Actually all you need to do is use Windows-ROOT as trustStoreType. This will use built-in certificates so if anything works in your browser then it should work.

  1. Add to VM options:
    • -Djavax.net.ssl.trustStoreType=Windows-ROOT
    • -Djavax.net.ssl.trustStore=C:\\Windows\\win.ini
  2. Restart the server.

Note! Probably any readable file can be used as a trustStore path. It's not really used.

You can also use Windows-MY instead so:

-Djavax.net.ssl.trustStoreType=Windows-MY

See also: https://github.com/gradle/gradle/issues/6584#issuecomment-431862413.


You should first check what certificate server is sending you.To do it:

  1. Turn on ssl debug: -Djavax.net.debug=all
  2. Find the following lines in log: *** Certificate chain ...
  3. Find who the issuer of certificate
  4. Add issuer certificate to some trust store (actually if you receive cert. chain you can add root certificate)
  5. Rerun with -Djavax.net.ssl.trustStore=path/to/new/truststore and -Djava.net.ssl.trustStorePassword=...

BTW:

  1. You don't need to explicitly specify java trust store
  2. every setting of same system property overrides previous value
  3. you have strange line: DEBUG: trying to connect to host "10.53.151.183", port 143, isSSL false

Tags:

Windows

Java

Ssl

Imap

Truststore

Recent Posts