Problems accessing BTCE api after certificate change?


I used to have a bot that interacted with the btce api through java/netbeans, and then after the MtGox fiasco I shut it down for a while. Now I am trying to start it back up, but while bitstamp and cbx are working fine, my btce exchange interface is broken. I am getting a "PKIK path building failed, unable to find valid certification path". Given that btce changed their certificate recently, it seems that this certificate change must be related to the problem.

I have done some research and evidently this means that I need to add the new btce certificate to my trust store in java. After some further research, I understand that this involves adding a cetificate file to my cacerts keystore in myc:/program files/java/jre8/lib/security directory. I have tried doing it manually through firefox to a cer file, and putting it inside program files (x86)/java/jre8/bin and installing it through the command line using the following commands inside the same /java/jre8/bin directory:

$set KEYTOOL_PASS = 'changeit'
$keytool -import trustcacerts -keystore ../lib/security/cacerts -storepass %KEYTOOL_PASS% -noprompt -alias 'BTCE' -file btce.cer

But this did not work either. I talked to a friend who told me that perhaps I not only need to add the btce certificate, but also the godaddy G2 certificates on which it depends. So I exported those from firefox and added them to my keystore as well. But still I am getting the same "PKIK path building failed" error when I try to run my program in netbeans.

I cannot figure out what to do from here. My friend who is a server-side programmer is out of ideas, and I have tried every linux command I can find by googling this issue. And says that they do not offer programming support, and said, I quote, "there is nothing we can do to help". so I am now turning to bc stack exchange. I would appreciate your help!




Posted 2014-07-22T06:17:04.577

Reputation: 171

– Sly – 2014-08-13T19:12:29.810

Hi Sly, yes, I deleted all of the godaddy certificates that were previously associated with – Paul – 2014-08-20T19:57:01.483

I have posted a $100 bounty on to whoever can walk me through the solution to this problem. – Paul – 2014-08-21T02:50:18.510



I have got two JREs in my windows 7 machine. I have executed both below listed commands and I am able to connect it btce.

keytool -import -keystore "C:/Program Files/Java/jdk1.8.0_05/jre/lib/security/cacerts" -storepass "changeit" -noprompt -alias "BTCE" -file C:/Users/Dell/Downloads/btceSERVER.cert

keytool -import -keystore "C:/Program Files/Java/jre8/lib/security/cacerts" -storepass "changeit" -noprompt -alias "BTCE" -file C:/Users/Dell/Downloads/btceSERVER.cert

Points to note:

  1. I have mentioned full path for the keystore
  2. I have not used trustcacerts

Awaiting response

Two ways I can think of to download certificate. First(using linux): echo -n | openssl s_client -connect | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/btceSERVERNAME.cert

Second(using firefox): 1. Visit h t t p s:/ / 2. Click on the small Lock icon present in front of https in the url section. This will bring up a small popup 3. Click "More information" button, this will bring up a popup window titled as "Page info", 4. Click "View certificate", this will bring up certificate viewer 5. In certificate viewer, select "Details" tab 6. Click export button, which will bring up file save dialogue to save the cert.

Senthil K Kumar

Posted 2014-07-22T06:17:04.577

Reputation: 11

Hi Senthil, thank you for your comment. This looks promising. One part that you left out (maybe because yout hought it was obvious) is how to get the correct btceSERVER.cert file in the correct format. – Paul – 2014-08-22T14:50:20.660

Hello Paul, (1) click on the lock icon apears in front of "" in firefox, this will bring up Small window. (2) Click "More information". (3) Click "View certificate" (4) select "Details" Tab (5)click "Export" , will bring up file save dialogue. you can save it with your preferred name.

– Senthil K Kumar – 2014-08-22T18:04:09.377

Ok, that is what I did before but the only options are for me to export it as PEM, DER, and PKCS. Should I should just save it as "all files" and then add a .cert extension to the name? – Paul – 2014-08-22T19:04:48.737

".cert" is something I added on my own, you don't need to add. I think you just save it as all files. – Senthil K Kumar – 2014-08-22T19:10:04.397

hmm... when I save it as "all files", windows automatically puts a ".com" extension on it and recognizes it as an ms-dos application... – Paul – 2014-08-22T22:58:34.330

Ok then save it as ".cert" – Senthil K Kumar – 2014-08-22T23:03:24.577

gah, now I am getting a "keytool: command not found" error. I have tried ./keytool, still nothing – Paul – 2014-08-22T23:15:54.690

By the way what directory are you in when you run these commands? I thought maybe you were saying I should be running them from the root directory (which explains why my key tool wasn't working) but now I think that you are probaly running the first command from java/jdk_1.8.0_05/security/bin and the second command from java/jre8/security/bin but just using the full path names for both – Paul – 2014-08-23T01:03:41.767

I have got the keytool set on my system path variable. You can use any of them I.e. either the one comes as part of jdk or the one that comes as part of jre. It will be part of jre/bin folder. – Senthil K Kumar – 2014-08-23T07:12:05.600

Senthil, it worked! thank you. So in summary, I had already added the cert to my jre7 keystore, but I hadn't added it to the jdk/jre keystore. – Paul – 2014-08-23T18:23:43.633

So what can I expect as part of odesk bounty :) – Senthil K Kumar – 2014-08-23T18:49:45.990

Of course, I will stick to my word of paying $100 (the lowest bid on odesk). – Paul – 2014-08-23T18:56:53.667

For some reason my name appears as Senthil Kumar ( without the K in the middle). And i accepted your offer thank you. – Senthil K Kumar – 2014-08-23T19:05:54.230