What setting should I use for trustStoreType in the CLI configuration file domino.vmoptions

If you're having trouble logging in with the Domino CLI, you might see an error similar to the following...

Couldn't validate the Domino URL you provided. Validation failed with: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This is a somewhat common error with the CLI login and can have several causes.  There are several KBs that address some of those already...

• Using The Cli Behind A Proxy
• "PKIX path building failed" when using Domino CLI - How to resolve on a Windows machine
• CLI login fails with the error "PKIX path building failed"
• Troubleshooting common problems

One of the possible resolutions to this error is to try and explicitly set the Java option for the trust store type.  In general this is a system default setting and should not need to be changed, but we have found in some instances this can help resolve this failure.

The setting for the trust store type is

-Djavax.net.ssl.trustStoreType=<depends on OS type>
PC:    -Djavax.net.ssl.trustStoreType=WINDOWS-ROOT
MAC: -Djavax.net.ssl.trustStoreType=KeychainStore
Linux: -Djavax.net.ssl.trustStoreType=jks 

Note that these are standard Java options.

This setting should be placed in the domino.vmoptions configuration file.

• On Mac, the directory is: /Applications/domino
• On Windows, the directory is: C:\Users\<your_username>\AppData\Local\Programs\domino

In the root of the installation directory, there is a file named domino.vmoptions with some configuration options available. Add the line -include-options ~/.domino/domino.vmoptions at the end of the file for any *nix based system (Windows users will need to specify the appropriate path where domino.vmoptions will be created):

-Ddomino.defaultHost=
-Dhttp.proxyHost=
-Dhttp.proxyPort=
-Dhttp.nonProxyHosts=
-Dhttps.proxyHost=
-Dhttps.proxyPort=
-Dhttps.nonProxyHosts=
-include-options ~/.domino/domino.vmoptions

You will need to create the user level configuration file domino.vmoptions in the appropriate location/folder. The folder ~/.domino/ may not exist, in which case you should run mkdir ~/.domino to create it. A user level configuration file is necessary to ensure your settings are never modified in the scenario that the CLI is reinstalled or updated. In the newly created ~/.domino/domino.vmoptions, assign your trust store type:

-Djavax.net.ssl.trustStoreType=WINDOWS-ROOT