Friday, April 8, 2011

Adding certificate in Java

When I try to add my site to the task repositories, I get a Java error that says SSL Handshake failed. What do I do?

This happens if your site uses a self-signed certificate, or a certificate signed by a CA that is not among the default trusted CAs of your JVM. To solve this problem, you need to add your server certificate to your JVM's certificate keystore. Java includes a command named "keytool" for this purpose. Here is what you need to do:

1. First, you need a copy of the server certificate. You can get this from your web browser. Just access your site using a web browser. In most browsers, you can double-click on the padlock icon to examine the server certificate. There is then usually an option somewhere in the resulting dialogs that lets you export the certificate to a file. Let's say you named the file MyServer.cert.
2. Next, you need to determine the JRE you are using when you run Eclipse. To do this, open the Eclipse Help > About dialog and click on Configuration Details. Then look through the list until you see the value "java.home=/some/path". Copy the entire path to your clipboard or write it down on a piece of paper.
3. The rest of the steps happen in a command line/terminal session. First, you need to set an environment variable named JAVA_HOME to the value you picked up in Eclipse:
   1. Windows: set JAVA_HOME=C:\some\path
   2. OSX: export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Home
   3. Linux: export JAVA_HOME=/some/path/to/java
4. Now, you can import the server certificate into the default trusted certificate store for the JVM:

$ sudo keytool -import -trustcacerts -alias "some unique name" -file MyServer.cert -keystore $JAVA_HOME/lib/security/cacerts
Enter keystore password: changeit
Owner: EMAILADDRESS=hostmaster@collab.net, CN=myserver.inst.collab.net, O="CollabNet, Inc.", L=Brisbane, ST=California, C=US
Issuer: EMAILADDRESS=hostmaster@collab.net, CN=myserver.inst.collab.net, O="CollabNet, Inc.", L=Brisbane, ST=California, C=US
Serial number: c3761cfe8305a126
Valid from: Fri Apr 04 05:43:33 EDT 2008 until: Thu Apr 09 05:43:33 EDT 2009
Certificate fingerprints:
    MD5: EA:BA:9E:90:05:1E:84:7E:74:7E:20:2B:2D:6E:31:4A
    SHA1: 89:78:82:8A:83:81:17:ED:E9:9F:74:16:95:81:6C:24:61:36:4C:21
Trust this certificate? [no]: yes
Certificate was added to keystore



The example command is for Linux or OSX and shows the usage of "sudo" if the JVM default requires root to update it. Windows users would not need "sudo" and would replace "$JAVA_HOME" with "%JAVA_HOME%".

The default password for the JVM certificate store is "changeit". Once the certificate is added to the keystore, you should just need to restart Eclipse and it should now work.
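Answering "yes" to the keytool prompt makes the JVM trust that certificate for every TLS connection, so the fingerprint it displays should match one obtained from the server administrator over a separate channel. The following is an added example, not part of the original post: the class name CheckTrustedCert and the out-of-band fingerprint argument are assumptions, and it checks the exported file against that fingerprint, then reports whether the running JVM's cacerts already contains the certificate.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
public class CheckTrustedCert {
    // Format a digest the way keytool prints fingerprints (AA:BB:CC:...).
    static String fingerprint(String algorithm, byte[] der) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance(algorithm).digest(der)) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java CheckTrustedCert <cert-file> <expected-fingerprint>");
            System.exit(2);
        }
        // Parse the certificate exported from the browser (PEM or DER).
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        String sha1 = fingerprint("SHA-1", cert.getEncoded());
        String sha256 = fingerprint("SHA-256", cert.getEncoded());
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        System.out.println("SHA1:    " + sha1);
        System.out.println("SHA256:  " + sha256);
        // Compare with the fingerprint obtained out of band (assumed input), ignoring case and spaces.
        String expected = args[1].replace(" ", "").toUpperCase();
        if (!expected.equals(sha1) && !expected.equals(sha256)) {
            System.err.println("Fingerprint mismatch: do not import this certificate.");
            System.exit(1);
        }
        // Open the trust store of the JVM running this program, using the default password from the post.
        String path = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts").toString();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, "changeit".toCharArray());
        }
        String alias = ks.getCertificateAlias(cert);
        System.out.println(alias != null ? "Trusted in " + path + " as alias: " + alias
                                         : "Not yet present in " + path);
    }
}
```

Run it with the `java` binary under the JAVA_HOME found in step 2, so that it inspects the same cacerts file Eclipse uses.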

Source: http://eclipse.open.collab.net/servlets/ProjectProcess?pageID=3450
