# Help! I Am Getting a Certificate Error (PKIX Path) If your site is using a self-signed certificate to establish SSL (HTTPS) connections you may see an error like the following when attempting to connect to Salesforce: ``` Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source) at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at sun.security.validator.Validator.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ... 26 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) at java.security.cert.CertPathBuilder.build(Unknown Source) ... 32 more ``` This type of error typically means that your network is using a self-signed certificate. To make CopyStorm (or any other Java based application) work with your certificate, you must add the certificate to Java’s trusted store file “cacerts”. ## To automatically add the certificate * Open the “Help” menu in the top left of the application GUI and select the “Load Network Certificates” option: * ![](/files/tXSf4LHCQud5lAEUvzpD) * This will open the “Certificate Viewer” popup where you can view, approve, or export the necessary certificates: * ![](/files/rmZHoOX4WCXpx6U3eG9h) * Approve the certificates by clicking the “Approve” button. This will create a keystore file called “CapStormKeyStore.jks” in the [best practice setup CapstormConfig directory](/best-practices/copystorm-directory-structure.md) OR the current user’s home directory that will contain the approved certificates. CapStorm applications will use this keystore file for SSL traffic. ## To manually add the certificate * Get a copy of your certificate. * This will be a CER or CRT file (example: mycompany.crt). * Copy the certificate to the certificate directory in your CopyStorm installation: * \[CopyStormRoot]/jre/lib/security * Navigate to the certificate directory in a shell (Linux) or command prompt (Windows) and run the command: * ....\bin\keytool -import -keystore cacerts -file mycompany.crt * The tool will ask you for a password. It is “changeit”. * You’re done! CopyStorm will now connect to Salesforce without a PKIX error. If your environment requires that multiple certificates be installed, you will need to import each certificate using a unique alias: * ....\bin\keytool -import -keystore cacerts -file firstcertificate.crt **-alias firstcertificate** * ....\bin\keytool -import -keystore cacerts -file secondcertificate.crt **-alias secondcertificate** If you have encountered this problem, it is better in the long run to use a “cacerts” file for a Java runtime that is installed globally on your computer. The procedure is the same, but the “cacerts” file is in a different location. If you take this approach then remove the “jre” directory from CopyStorm and the application will use the system default Java. Here is a [great article](http://javarevisited.blogspot.com/2012/03/add-list-certficates-java-keystore.html) with more details — please reference it if you need more help. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://learn.capstorm.com/frequently-asked-questions/installation/help-i-am-getting-a-certificate-error-pkix-path.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.