I'm using JDK 1.7.0_45 and try to fetch my IMAP Inbox but I get the exception
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
So, I figured out a certificate needs to be added to the Java truststore cacerts ($JAVA_HOME/jre7/libs/security) via keytool. The certificate for my IMAP server was issued by StartCom so I thought I need to add their root certificates. I followed these instructions and added the certificates to the global Java truststore cacerts. However, I still get the same exception. I also tried creating my own keystore file (.pks), adding the certificates and running the app with
-Djavax.net.ssl.keyStore=path/to/myown.jks
This didn't work either. To my understanding it suffices to add the certificate of the root authority who issued the certificate.
What do I have to do to get Java to accept the certificate of my IMAP mailbox?
A side question: when I publish a Java application such as an email client which might need certificates not contained in the default java truststore, what is the least intimidating way to let the user add new certificates?