====== Adding crt to Java cacerts ======
Adding crt file allows Java to access your self-signed ssl site without doing something like [[insecurity_https_connection|Insecurity HTTPS Connection]]. 

Assume the location of your Java JDK is in ''C:\Program Files\Java\jdk1.8.0_131\''. The following steps add the crt to Java key store:
  - Open a command console (cmd)
  - cd to C:\Program Files\Java\jdk1.8.0_131\bin
  - input <code>keytool -import -trustcacerts -keystore "c:\Program Files\Java\jdk1.8.0_131\jre\lib\security\cacerts" -storepass changeit -noprompt -alias YOUR_ALIAS -file YOUR_CRT_FILE_LOCATION.crt</code>
  - The screen should display ''Certificate was added to keystore'' if everything runs fine.

For the above command, YOUR_ALIAS can be anything that related to your cert you like, and YOUR_CRT_FILE_LOCATION.crt is the location of your crt file. 

====== Adding jks to Java cacerts ======
Assume you are in the directory of the Java cacerts directory, for example,  C:\Program Files\Java\jdk1.8.0_152\jre\lib\security for JDK8.

**You might need to run it under administrator mode for m$ windows cmd**

**You need to know both the source and destination keystore passwords in advance**. The default one for java cacerts is **changeit**. 
<code>
keytool -importkeystore -srckeystore "PATH_OF_YOUR.jks_FILE" -destkeystore cacerts
</code>

====== Convert p7b to cer======
  - In M$ Windows, Double click on the p7b file
  - Double clikc on the cert (could be more than one; have to do it one by one
  - Click the Details tab
  - Click the Copy to File... button
  - Next; select Base-64 encorded X.509 (.CER); Next
  - give it a filename; Next
  - Click Finish button
  - Do the next cert in the p7b if needed.
====== Adding cer to Java cacerts ======
keytool -importcert -file "YOURCERT.cer" -keystore YOUR.jks -alias ANYTHING

Eg:
<code>
keytool -importcert -file "www_google_com.cer" -keystore your.jks -alias www_google_com
</code>
======  Remove Imported Certificates From Java Keystore ======
Become su, or run cmd with as Administrator in Windows. changeit is the default password for java jre.
<code>
keytool -delete -alias smicacert -keystore /usr/j2se/jre/lib/security/cacerts
Enter keystore password:  changeit
</code>
from https://docs.oracle.com/cd/E19683-01/817-2874/6migoia18/index.html

====== Run Java program with cacerts without adding it to the keystore ======
Run your java program with the following VM Options, ''<path_to_jks_file>'' should be replaced with the actual path of your crt file.
<code>
-Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.trustStore=<path_to_jks_file> 
</code>