That's what I suspect, however there are some info:
1. When the client cert is not right, you should get this:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
2. When the server's cert is not trusted by the client, you should get this:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Couldn't find trusted certificate
In your case, if we read the error literally, the cert is bad! But we don't know which cert, the server side or the client side. You need to check both.
Maybe the format is not right, see below.
Some info for you reference:
When URLConnection is used for HTTP(S) connection:
1. We can specify the truststore and keystore like this:
System.setProperty("javax.net.ssl.trustStore", "<name here>");
System.setProperty("javax.net.ssl.keyStore", "<name here>");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
The truststore is used by the client to trust server's cert, so put server's cert or its CA cert in there. Use keytool to create this store and import the cert.
The keystore is used to store client's cert. KEEP IN MIND, in keystore, the store's password has to be the same as the private key's password, otherwise you will get wield errors(not clear enough). The password can NOT be null or empty. Further more, the keystore has to be in JKS format. So if you have p12, pfx, write a simple class to convert it.
2. Here is the way to setup proxy/firewall, if you have to go through firewalls.
For https:
System.setProperty("https.proxySet", "true");
System.setProperty("https.proxyHost", "<proxy server here>");
System.setProperty("https.proxyPort", "80");
String tmp = "name" + ":" + "password";
String encodedpswd = "Basic " + new sun.misc.BASE64Encoder().encode(tmp.getBytes());
if (conn != null)
{
conn.setRequestProperty("Proxy-Authorization", encodedpswd);
}
For http, just replace https with http in the above.