adding_crt_to_java_cacerts

Adding crt to Java cacerts

Adding crt file allows Java to access your self-signed ssl site without doing something like Insecurity HTTPS Connection.

Assume the location of your Java JDK is in C:\Program Files\Java\jdk1.8.0_131\. The following steps add the crt to Java key store:

  1. Open a command console (cmd)
  2. cd to C:\Program Files\Java\jdk1.8.0_131\bin
  3. input 
    keytool -import -trustcacerts -keystore "c:\Program Files\Java\jdk1.8.0_131\jre\lib\security\cacerts" -storepass changeit -noprompt -alias YOUR_ALIAS -file YOUR_CRT_FILE_LOCATION.crt
  4. The screen should display Certificate was added to keystore if everything runs fine.

For the above command, YOUR_ALIAS can be anything that related to your cert you like, and YOUR_CRT_FILE_LOCATION.crt is the location of your crt file.

Adding jks to Java cacerts

Assume you are in the directory of the Java cacerts directory, for example, C:\Program Files\Java\jdk1.8.0_152\jre\lib\security for JDK8.

You might need to run it under administrator mode for m$ windows cmd

You need to know both the source and destination keystore passwords in advance. The default one for java cacerts is changeit. 

keytool -importkeystore -srckeystore "PATH_OF_YOUR.jks_FILE" -destkeystore cacerts

Convert p7b to cer

  1. In M$ Windows, Double click on the p7b file
  2. Double clikc on the cert (could be more than one; have to do it one by one
  3. Click the Details tab
  4. Click the Copy to File… button
  5. Next; select Base-64 encorded X.509 (.CER); Next
  6. give it a filename; Next
  7. Click Finish button
  8. Do the next cert in the p7b if needed.

Adding cer to Java cacerts

keytool -importcert -file “YOURCERT.cer” -keystore YOUR.jks -alias ANYTHING

Eg: 

keytool -importcert -file "www_google_com.cer" -keystore your.jks -alias www_google_com

Remove Imported Certificates From Java Keystore

Become su, or run cmd with as Administrator in Windows. changeit is the default password for java jre. 

keytool -delete -alias smicacert -keystore /usr/j2se/jre/lib/security/cacerts
Enter keystore password:  changeit

from https://docs.oracle.com/cd/E19683-01/817-2874/6migoia18/index.html

Run Java program with cacerts without adding it to the keystore

Run your java program with the following VM Options, <path_to_jks_file> should be replaced with the actual path of your crt file. 

-Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.trustStore=<path_to_jks_file>
  • adding_crt_to_java_cacerts.txt
  • Last modified: 2021/05/11 15:14
  • by chongtin