Troubleshoot certificate compatibility issues

Prev Next

Available in Classic and VPC

If you are using an operating system or software version where the NAVER Cloud Trust Services root certificate is not pre-installed, certificate compatibility issues may occur. Find out causes and possible solutions.

Errors

  • Security warnings or exceptions occur when communicating with websites, applications, or APIs.

  • Access may be blocked or errors may occur when communicating with websites, applications, or APIs.

  • The following error messages are displayed. Troubleshoot error messages displayed may vary depending on the software version.

    Software Error messages Root certificate update or manual installation targets
    Google Chrome NET::ERR_CERT_AUTHORITY_INVALID
    • If the version is Chrome 105 or higher, the Chrome browser itself
    • If the version is Chrome 104 or lower, the operating system with the Chrome browser is installed
    Microsoft Edge NET::ERR_CERT_AUTHORITY_INVALID Operating system with the Edge browser installed
    Mozilla Firefox SEC_ERROR_UNKNOWN_ISSUER Firefox browser itself
    Apple Safari Click a warning appears that the connected network is not private > View certificate > Click on the top-level certificate, and it shows "This root certificate is not trusted." Operating system with the Safari browser installed
    Google Android application java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. Android operating system
    JAVA application PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target JAVA TrustStore

Cause

If you are using an operating system or software version where the NAVER Cloud Trust Services root certificate is not installed, the SSL/TLS certificate may be considered untrusted, resulting in security warnings or blocked access when communicating with websites, applications, or APIs.

Solution

Check certificate compatibility in advance

Operating system and software providers install the root certificate of a trusted certification authority in the root repository by default, enabling trusted SSL/TLS communication without installing a separate root certificate. Access the Test website where the issued certificate is applied and verify if it works properly on the operating system and software you are using.

Note

To check a complete list of operating systems and software versions with compatible issued certificates, see Compatibility of issued certificates.

Check JAVA compatibility in advance

These are typical scenarios requiring JAVA compatibility.

Type Description
External API call When the JAVA application needs to directly call HTTPS API of external services, such as external payment agency (PG) APIs and weather APIs
Security database connection When the JAVA application accesses the database server that supports SSL/TLS encrypted connection, such as MySQL, PostgreSQL, and Oracle
Security mail sending/receiving When the JAVA application needs to send or receive mail by communicating with the mail server through security protocols, such as SMTPS, IMAPS, and POP3S
  • In these scenarios, the JAVA application serves as the client, trying HTTPS communication to the server to which the NAVER Cloud Trust Services certificate has been applied. For normal communication, the NAVER Cloud Trust Services root certificate must be trusted in the local where the JAVA application is running.
  • For more information on JAVA versions compatible with the NAVER Cloud Trust Services root certificates by default, see Certificate information > JAVA compatibility.

To check the JAVA version you are using, follow these steps:

  1. JAVA version check command
java -version
  1. Output result examples
openjdk version "1.8.0_442"
OpenJDK Runtime Environment (Temurin)(build 1.8.0_442-b06)
OpenJDK 64-Bit Server VM (Temurin)(build 25.442-b06, mixed mode)
  • Check the JAVA version through openjdk version {버전}.
  • Check the provider through OpenJDK Runtime Environment {공급사 또는 소프트웨어 이름}.
  • For more information on JAVA versions compatible with the NAVER Cloud Trust Services root certificates by default, see Certificate information > JAVA compatibility.

To check if the NAVER Cloud Trust Services root certificate is compatible, follow these steps:

  1. Check the cacerts location.

On JAVA versions 8 or lower, cacerts is located in the jre/lib/security directory of the JAVA installation path.
Examples:

$JAVA_HOME/jre/lib/security/cacerts

On JAVA versions 8 or lower, cacerts is located in the lib/security directory of the JAVA installation path.
Examples:

$JAVA_HOME/lib/security/cacerts
  1. Check if the NAVER Cloud Trust Services root certificate is viewed using keytool. If there is no search result although you enter the proper cacerts location, you need to install the root certificate.

Examples of bash/zsh commands on Linux or macOS:

keytool -list -keystore "{path checked in 1}/cacerts" -storepass changeit -v | grep -i naver

Examples of commands on Windows:

keytool -list -v -keystore "{path checked in 1}\cacerts" -storepass changeit | findstr /i naver
  • If JAVA_HOME is not set, enter all JAVA installation paths, not $JAVA_HOME.
  • changeit is the initial password of storepass.

Starting from JAVA 16, you can use the keytool -list -cacerts commands.
Examples:

keytool -list -cacerts -storepass changeit | grep -i naver

You can generally view the root certificate information as follows, though it may vary depending on the JAVA version or operating system.

Alias name: cn=naver_global_root_certification_authority,o=naver_business_platform_corp.,c=kr
Owner: CN=NAVER Global Root Certification Authority, O=NAVER BUSINESS PLATFORM Corp., C=KR
Issuer: CN=NAVER Global Root Certification Authority, O=NAVER BUSINESS PLATFORM Corp., C=KR

NAVER Cloud Trust Services root certificate installation

To install the NAVER Cloud Trust Services root certificate, follow these steps:

  1. Check the Root certificate update or manual installation targets in the Examples of certificate compatibility issues for each software.
  2. Update to a version that guarantees certificate compatibility or to the latest version.
  3. If the update is not possible, manually install the NAVER Cloud Trust Services root certificate or add it to the trusted certificate store.

Install Windows OS root certificate

To install the root certificate on Windows OS and add it to the Trusted root certification authorities, follow these steps:

  1. Download the NAVER root certificate.
  2. Check the certificate information.
    • NAVER Global Root Certification Authority
  – Public Key: RSA 4096
  – Serial Number: 0194301EA20BDDF5C5332AB1434471F8D6504D0D
  – Fingerprint (SHA256): 88F438DCF8FFD1FA8F429115FFE5F82AE1E06E0C70C375FAAD717B34A49E7265
  – Valid Until: August 19, 2037
  3. Run the Local Machine certificate console (certlm.msc).
    • Enter certlm.msc at Window logo key + R > Run.
    • Alternatively, search for certlm.msc or "Computer Certificate Manager" in the Search bar and run it.
  4. In the top menu bar, click on Action > All Tasks > Import.
  5. When the Certificate Import Wizard window appears, check the storage location and then click the [Next] button.
  6. In the Import File step, click the [Browse] button next to the file name >change the file type to "All Files (.)" > select the NAVER root certificate file (naverrca1.der) and open.
  7. In the Certificate Storage step, select Place all certificates in the following storage > Click the [Browse] button for the certificate store > Select the Trusted Root Certification Authorities folder > Click the [OK] button.
  8. In the Certificate Import Wizard completion step, verify that the selected certificate repository is "trusted root certification authorities" and the file name is the NAVER root certificate, then, click the [Finish] button.
  9. Check whether the NAVER root certificate has been normally imported.
    • In the side menu to the left of certlm.msc, check whether the NAVER root certificate is included in the Certificate - Local computer > Trusted root certification authorities > Certificate folder.

Install macOS root certificate

To install the macOS root certificate, follow these steps:

  1. Download the NAVER root certificate.
  2. Check the certificate information.
    • NAVER Global Root Certification Authority
  – Public Key: RSA 4096
  – Serial Number: 0194301EA20BDDF5C5332AB1434471F8D6504D0D
  – Fingerprint (SHA256): 88F438DCF8FFD1FA8F429115FFE5F82AE1E06E0C70C375FAAD717B34A49E7265
  – Valid Until: August 19, 2037
  3. Run the key chain access app.
  4. Click the system key chain.
  5. Drag the NAVER root certificate file onto the key chain access app.
    • You may be asked to enter your computer administrator name and password or use Touch ID.
  6. After clicking the imported NAVER root certificate, click Trust > Change Secure Sockets Layer (SSL) value from "Not the specified value" to "Always trust" > [Close].
    • After Closing, you may be asked to enter your computer administrator name and password or use Touch ID.
  7. Check whether the service or Test website to which the issued certificate is applied works normally.

Install iOS root certificate

To install the iOS root certificate, follow these steps:

  1. Download the NAVER root certificate.

  2. When the window "This website is trying to download the configuration profile. Will you allow this action?" appears during download, allow it.

    • The profile is downloaded.
    • NAVER Global Root Certification Authority
  – Public Key: RSA 4096
  – Serial Number: 0194301EA20BDDF5C5332AB1434471F8D6504D0D
  – Fingerprint (SHA256): 88F438DCF8FFD1FA8F429115FFE5F82AE1E06E0C70C375FAAD717B34A49E7265
  – Valid Until: August 19, 2037

  3. Click Settings > Profile is downloaded > Install "NAVER Global Root Certification Authority" > Enter password > [Install].

    • You can check the certificate information in Details > Certificate at the profile installation step.
    • NAVER Global Root Certification Authority
  – Public Key: RSA 4096
  – Serial Number: 0194301EA20BDDF5C5332AB1434471F8D6504D0D
  – Fingerprint (SHA256): 88F438DCF8FFD1FA8F429115FFE5F82AE1E06E0C70C375FAAD717B34A49E7265
  – Valid Until: August 19, 2037

  4. Enable Settings > General > Information > Certificate trust settings > Enable all trust for root certificates "NAVER Global Root Certification Authority."

  5. Check whether the service or Test website to which the issued certificate is applied works normally.

Install Android OS root certificate

Note

Installation methods may differ by manufacturer and OS version.

To install the Android 11 root certificate, follow these steps:

  1. Download the NAVER root certificate.
  2. Complete after Settings > Biometrics and security > Other security settings > Install the certificate saved on the device > CA certificate > Continue installation > Select the "naverrca1.der.crt" file in the path where you downloaded the certificate.
    • The message "CA certificate has been installed" is displayed.
  3. Make sure Settings > Biometrics and security > Other security settings > Check certificate > User > "NAVER Global Root Certification Authority" certificate is displayed.
    • NAVER Global Root Certification Authority
  – Public Key: RSA 4096
  – Serial Number: 0194301EA20BDDF5C5332AB1434471F8D6504D0D
  – Fingerprint (SHA256): 88F438DCF8FFD1FA8F429115FFE5F82AE1E06E0C70C375FAAD717B34A49E7265
  – Valid Until: August 19, 2037
  4. Check whether the service or Test website to which the issued certificate is applied works normally.

To install the root certificate on Android 10 or below, follow these steps:

  1. Download the NAVER root certificate.
    • The certificate name window appears.
  2. Enter Certificate name (examples: naverrca1) > Click VPN & Apps > [OK].
    • You may be asked to enter a PIN, pattern, or password.
    • The message "naverrca1 certificate has been installed" is displayed.
  3. Make sure Settings > Biometrics and security > Other security settings > Check certificate > User > "NAVER Global Root Certification Authority" certificate is displayed.
    • NAVER Global Root Certification Authority
  – Public Key: RSA 4096
  – Serial Number: 0194301EA20BDDF5C5332AB1434471F8D6504D0D
  – Fingerprint (SHA256): 88F438DCF8FFD1FA8F429115FFE5F82AE1E06E0C70C375FAAD717B34A49E7265
  – Valid Until: August 19, 2037
  4. Check whether the service or Test website to which the issued certificate is applied works normally.
    • A message is displayed asking to set a PIN, pattern, or password if none has been set on the device.
    • If the Select the application to use window appears when downloading the root certificate, select the Certificate installation wizard and enter the certificate name.

Install JAVA root certificate

To install the JAVA root certificate, follow these steps:

  1. Download the NAVER root certificate.

  2. Check the certificate information.

    • NAVER Global Root Certification Authority
  – Public Key: RSA 4096
  – Serial Number: 0194301EA20BDDF5C5332AB1434471F8D6504D0D
  – Fingerprint (SHA256): 88F438DCF8FFD1FA8F429115FFE5F82AE1E06E0C70C375FAAD717B34A49E7265
  – Valid Until: August 19, 2037

  3. Import the NAVER root certificate into truststore (cacerts) using the keytool command.

    $ keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias naverrca1 -file /downloaded/path/of/naverrca1.der

    Description of options:

    • In the -keystore option, enter the path where the cacerts file is located. In general, it is in the /jdk{installed version}/jre/lib/security folder in which JAVA is installed.
    • In the -storepass option, enter the keystore password. The default password is changeit. If you are using a different password, enter that password.
    • If you enter the -noprompt option, the certificate is immediately added to the truststore without final confirmation of the certificate information. If you want to check the entered certificate information once again, exclude this option.
    • The -alias option specifies the alias to use when storing the certificate in the truststore. Aliases must be unique.
    • In the -file option, enter the NAVER root certificate file including the download path.
    Note

    When the keytool command is run in Windows, the java.io.FileNotFoundException: (Access is denied) error may occur. Run the command prompt with administrator permissions.

  4. Check whether the JAVA application to which the issued certificate is applied works normally.

Note

If you're still having trouble finding what you need, click on the feedback icon and send us your thoughts and requests. We'll use your feedback to improve this guide.