Issue with CACERTS IntelliJ + Gradle

Question

I currently am running some REST calls behind a proxy, so I need to follow some strict processes in order for the calls to go through.

Previously I was building in Eclipse for a POC, but now that I know it works, I am trying to transfer it over to IntelliJ (Personal favorite IDEA) along with Gradle for the build automation.

I got the project to compile, export all the dependencies, etc... but when I run it IN IntelliJ I get a "Cert not found error". On a side note however, if I execute the compiled Jar file (from gradle) using "java-jar MyJar.jar", it runs perfectly and doesn't throw the cert error. The kicker here is, if I execute the Jar using JUST the gradle task outside of IntelliJ it works, but if I try to execute the task right after the build in IntelliJ it fails.

Works:

• Executing the jar created from Gradle build task manually VIA CLI
• Executing the gradle task below using "gradle runMain" VIA CLI

Doesn't work: - Executing the build task within IntelliJ and calling "runMain" at the end of the build task

My current theory, is that running it via java -jar and gradle runMain, causes the JVM to use the default cacerts "/jre_xxx/libs/security/cacerts" (where I already added the certificate) but when I execute the Jar within IntelliJ with Gradle, it uses a different location. I've also added the cert to "C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2018.1.5\jre64\lib\security\cacerts" as well but I still recieved this eror while running it in IntelliJ.

task(runMain, dependsOn: 'classes', type: JavaExec) {
     main = 'com.xxx.xx.x.Utopia'
     classpath = sourceSets.main.runtimeClasspath
     args=[
             "-Djavax.net.ssl.trustStore=C:\\ProgramFiles\\Java\\jre1.8.0_121\\lib\\security\\cacerts"
     ]
 }

Running this VIA CLI seems to work but never with the Gradle build task within IntelliJ.

Any help would be greatly appreciated.

EDIT: The error that I get ONLY while running it within IntelliJ (PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

Answer 1

After contacting JetBrains support with my issue, I was made aware of the problem. Logically I was under the assumption that the JRE would execute the JAR file, this is ONLY the case when running java -jar my.jar or executing Gradle from CLI. The way IntelliJ works is that it solely uses the JDK, so I had to modify the small JRE that was within the JDK. Once I did that and added it to the CACERTS found within my jdk.xxx/jre/lib/security/cacerts, I was able to resolve this issue.

https://youtrack.jetbrains.com/issue/IDEA-195428

Answer 2

Ok.. sometimes this could be very minute thing which we tend to overlook is to always use the cacerts file path from your jdk>jre>lib>security folder in to you gradle VMOptions settings.

Answer 3

Use the built-in IntelliJ-IDEA plugin to trust custom certs:

https://www.jetbrains.com/help/idea/settings-tools-server-certificates.html

Answer 4

In case anyone comes across this issue as well. I had added my certs to the JDK store and ensured IntelliJ was using the JDK however it would still fail when trying to download JARs. Turned out I had to kill the gradle deamon running in the background as it was persisting between IntelliJ restarts. I'm on windows so ps java | kill worked in Powershell. pkill java will work in Linux.