For an in-house project, I have a web server (Apache) with a
self-signed certificate. I can access everything via https: just fine.
The reason for wanting https is to add security to the .htaccess
passwords. This all works just fine.
FWIW, I'm using Firefox, and simply added the self-signed certificate.
However, no Java applets will load. I get the following when trying
to load InHouseApp (one of the applets):
load: class InHouseApp not found.
java.lang.ClassNotFoundException: javax.net.ssl.SSLException: untrusted server cert chain
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
[rest deleted]
I have complete access to the various client machines (both desktops
on the LAN, and laptops that will be out in the wild). What do I need
to add to prevent this exception? Also, as certificates aren't my
strong suit, are there any step-by-step detailed instructions on what to
do?
TIA
KC Wong - 21 Jun 2004 05:00 GMT
> load: class InHouseApp not found.
> java.lang.ClassNotFoundException: javax.net.ssl.SSLException:
[quoted text clipped - 7 lines]
> strong suit, are there any step-by-step detail instructions on what to
> do?
Certificates are signed by known Certificate Authorities (CAs). Their certs
are called the root certs. CAs use their root certs to sign intermediate
certs, which are in turn used to sign certificates issued to companies.
Browsers and JVMs have a list of those root and intermediate certs (public
key only), and will verify any certs that come along with them. While
browsers will have a pop-up and ask you to trust the suspicious cert (your
self-signed cert) or not, the JVM doesn't (since not all applications are
interactive, and not all platforms have a display). So the exception is thrown.
So what you need to do is to import your self-signed cert into the "cacerts"
keystore of the JVM, so it will be trusted.
The tool to use is called "keytool". It is in the JDK bin directory.
A sample command line:
    keytool -import -alias <alias> -file <certfile> -keypass <password> -keystore <keystore> -storepass <storepass>
<alias> is the name to assign to the cert being imported. You can retrieve a
list of cert names with keytool -list. It is best to use something
meaningful so you can find your self-signed cert easily.
<certfile> is the path to the cert being imported.
<password> is the password of the cert being imported.
<keystore> is the keystore of the JVM to use. For my JRE, it is "C:\Program
Files\Java\j2re1.4.2_04\lib\security\cacerts" (no file extension). You can
create your own keystores, but for this purpose, you use the "cacerts" one.
<storepass> is the password of the keystore. The JVM cacerts keystore has a
default password of "changeit" (without the quotes).
HTH,
KC
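
The import step from the reply above, as an added example that is not part of the original thread: a shell wrapper that compares the certificate's SHA-256 fingerprint with a value obtained out of band before running keytool -import, so that -noprompt never trusts an unexpected cert. The function names and the use of openssl to compute the fingerprint are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): fingerprint-pinned import into a JVM keystore.
# Assumes keytool and openssl are on PATH; function names are hypothetical.

# Normalise a fingerprint to bare upper-case hex so that
# "ab:cd", "AB CD" and "abcd" all compare equal.
norm_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# SHA-256 fingerprint of a PEM or DER certificate file, as bare upper-case hex.
cert_fp() {
    # openssl prints "<digest> Fingerprint=AB:CD:..."; keep what follows '='.
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) ||
    fp=$(openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 2>/dev/null) ||
    return 1
    norm_fp "${fp#*=}"
}

# import_pinned <certfile> <expected-sha256> <alias> <keystore> <storepass>
# Returns 0 after a verified import, 2 on fingerprint mismatch, 1 on tool failure.
import_pinned() {
    certfile=$1
    expected=$(norm_fp "$2")
    entry=$3
    keystore=$4
    storepass=$5

    actual=$(cert_fp "$certfile") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $certfile: got $actual" >&2
        return 2
    fi

    # -noprompt skips keytool's "Trust this certificate?" question; that is
    # acceptable here only because the fingerprint was checked above.
    keytool -import -noprompt -alias "$entry" -file "$certfile" \
        -keystore "$keystore" -storepass "$storepass" >/dev/null 2>&1 || return 1

    # Confirm the entry is now present under the chosen alias.
    keytool -list -alias "$entry" -keystore "$keystore" \
        -storepass "$storepass" >/dev/null 2>&1
}
```

Call it as import_pinned <certfile> <expected-sha256> <alias> <keystore> <storepass>, using the keystore path and store password described in the reply.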