How to Import Signed Certificate into Java Keystore
Overview
In this short blog post, I will explain how to import certificate into Java Keystore. This steps is useful whenever you need to access HTTPS from JVM.
Export the certificate from your browser as a binary file
You can take the certificate via browser by doing something like this:
- Browse to your application server using SSL.
- Inspect Certificate
- Export certificate
- Ideally export it with the certificate with chain (this option is available with Firefox, maybe with other browsers too).
- Formats crt or der should be fine.
Import the certificate to your Java store
Run this following command replacing the path to the JRE if needed (typically the following address is the default you should have in a linux environment).
|
1 |
sudo /usr/java/latest/jre/bin/keytool -importcert -alias myalias -keystore /usr/java/latest/jre/lib/security/cacerts -file ~/example.domain.com.crt |
A couple of notes while importing certificate:
Super User Required
You should run the above command as root or with sudo access, otherwise you most likely won’t have access to modify the cacerts file.
Default Password
Use the default password: changeit
Remove from Keystore
|
1 |
sudo /usr/java/latest/jre/bin/keytool -delete -alias myalias -keystore /usr/java/latest/jre/lib/security/cacerts |
Check Whether Certificate is Installed
|
1 |
sudo /usr/java/latest/jre/bin/keytool -list -v -keystore /usr/java/latest/jre/lib/security/cacerts |
Conclusion
That’s all for today. Now you can access the https protocol via JVM. And apologize for very short post, because I am in the very tight deadline until end of year.
