I'm trying to test a script, locally, which involves uploading a file using a Java-based program to a FileZilla FTPES server.

For the real thing, there is a real certificate on the FZ server, and the upload step (tested alone) seems to work fine.

I've installed FileZilla Server on my dev box (so it'll test uploading from localhost to localhost). I don't have a real certificate for it, of course, so I used the "Generate new certificate..." button in FZ. It works fine from an interactive FTPES program (as long as I OK the unknown cert), but from my Java program it throws a javax.net.ssl.SSLHandshakeException ("unable to find valid certification path to requested target").

So how do I tell Java that this certificate is OK with me?

(I know there's a way to change the Java program to accept any certificate, but I don't want to go down that route. I want to test it just as it will happen in production, and I don't want to ignore unknown certificates in production.)

I found that Java has a program called "keytool" that seems to be for managing this sort of thing, but it complains that the certificate file that FZ generated is not an "x.509" file. A posting from the FZ side said it was "PEM encoded". I have "openssl" here, which looks like it's perfect for converting between certificate formats, but I think my understanding of certificate formats is wrong because I'm not seeing anything obvious.

My knowledge of security certificates is a bit shaky, so if my title is stupidly wrong, please help by fixing that. :-)