Adding crt file allows Java to access your self-signed ssl site without doing something like Insecurity HTTPS Connection.
Assume the location of your Java JDK is in C:\Program Files\Java\jdk1.8.0_131\. The following steps add the crt to Java key store:
keytool -import -trustcacerts -keystore "c:\Program Files\Java\jdk1.8.0_131\jre\lib\security\cacerts" -storepass changeit -noprompt -alias YOUR_ALIAS -file YOUR_CRT_FILE_LOCATION.crt
Certificate was added to keystore if everything runs fine.For the above command, YOUR_ALIAS can be anything that related to your cert you like, and YOUR_CRT_FILE_LOCATION.crt is the location of your crt file.
Assume you are in the directory of the Java cacerts directory, for example, C:\Program Files\Java\jdk1.8.0_152\jre\lib\security for JDK8.
You might need to run it under administrator mode for m$ windows cmd
You need to know both the source and destination keystore passwords in advance. The default one for java cacerts is changeit.
keytool -importkeystore -srckeystore "PATH_OF_YOUR.jks_FILE" -destkeystore cacerts
keytool -importcert -file “YOURCERT.cer” -keystore YOUR.jks -alias ANYTHING
Eg:
keytool -importcert -file "www_google_com.cer" -keystore your.jks -alias www_google_com
Become su, or run cmd with as Administrator in Windows. changeit is the default password for java jre.
keytool -delete -alias smicacert -keystore /usr/j2se/jre/lib/security/cacerts Enter keystore password: changeit
from https://docs.oracle.com/cd/E19683-01/817-2874/6migoia18/index.html
Run your java program with the following VM Options, <path_to_jks_file> should be replaced with the actual path of your crt file.
-Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.trustStore=<path_to_jks_file>