Sunday, October 19, 2008

Fix the "PKIX path building failed" error in handling SSL in Java

When you use HttpClient to send requests to a server over an SSL connection, i.e. the URL starts with "https", it is common to encounter the "PKIX path building failed" error. This happens because the JRE installed on your machine does not have the certificate for the site you are requesting in its trust store. You have to add it manually.

To do this, export the certificate first, then import it into the JRE's store. You can visit the site in Firefox, which then has the site's certificate stored. Take Firefox 3 as an example: open the "Options" dialog, then click "View Certificates" to open another dialog that lists all the certificates. Find the one you need and export it in the "X.509 certificate (DER)" format to a directory, say "c:\temp". (See figure below)



After that, you can use the JRE's keytool to import the certificate. A sample command:

 keytool -keystore "C:\Program Files\Java\jre\lib\security\cacerts" -import -alias mycert -file "c:\temp\my.cer" -trustcacerts

The default keystore password is "changeit", unless you have changed it.

That's all.
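
An added example, not part of the original post: this Java program loads the exported DER file, prints its SHA-256 fingerprint so it can be compared with a value obtained from the site operator before the certificate is trusted, and then connects using a trust store that contains only that certificate, leaving the JRE-wide cacerts file unchanged. The class name, the command-line arguments, the placeholder URL and the use of the JDK's HttpsURLConnection instead of HttpClient are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PinnedTrustStoreExample {
    // Usage (paths and URL are placeholders):
    //   java PinnedTrustStoreExample c:\temp\my.cer https://host.example/
    public static void main(String[] args) throws Exception {
        // Load the DER file exported from the browser.
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // Show what is about to be trusted. Compare the fingerprint with a
        // value obtained out of band before relying on this certificate.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder fp = new StringBuilder();
        for (byte b : digest) fp.append(String.format("%02X:", b));
        fp.setLength(fp.length() - 1); // drop the trailing colon
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        System.out.println("Issuer:  " + cert.getIssuerX500Principal());
        System.out.println("Expires: " + cert.getNotAfter());
        System.out.println("SHA-256: " + fp);

        // In-memory trust store holding only this certificate; cacerts is untouched.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("mycert", cert);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        // Hostname verification stays enabled (the HttpsURLConnection default).
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[1]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("HTTP status: " + conn.getResponseCode());
        conn.disconnect();
    }
}
```

Because the trust store is built per application, only this program trusts the certificate; other Java programs on the machine keep using the default cacerts.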
