adding_crt_to_java_cacerts

Adding crt to Java cacerts

Adding crt file allows Java to access your self-signed ssl site without doing something like Insecurity HTTPS Connection.

Assume the location of your Java JDK is in C:\Program Files\Java\jdk1.8.0_131\. The following steps add the crt to Java key store:

  1. Open a command console (cmd)
  2. cd to C:\Program Files\Java\jdk1.8.0_131\bin
  3. input
    keytool -import -trustcacerts -keystore "c:\Program Files\Java\jdk1.8.0_131\jre\lib\security\cacerts" -storepass changeit -noprompt -alias YOUR_ALIAS -file YOUR_CRT_FILE_LOCATION.crt
  4. The screen should display Certificate was added to keystore if everything runs fine.

For the above command, YOUR_ALIAS can be anything that related to your cert you like, and YOUR_CRT_FILE_LOCATION.crt is the location of your crt file.

Adding jks to Java cacerts

Assume you are in the directory of the Java cacerts directory, for example, C:\Program Files\Java\jdk1.8.0_152\jre\lib\security for JDK8.

You need to know both the source and destination keystore passwords in advance. The default one for java cacerts is changeit.

keytool -importkeystore -srckeystore "PATH_OF_YOUR.jks_FILE" -destkeystore cacerts

Remove Imported Certificates From Java Keystore

Become su, or run cmd with as Administrator in Windows. changeit is the default password for java jre.

keytool -delete -alias smicacert -keystore /usr/j2se/jre/lib/security/cacerts
Enter keystore password:  changeit

from https://docs.oracle.com/cd/E19683-01/817-2874/6migoia18/index.html

Run Java program with cacerts without adding it to the keystore

Run your java program with the following VM Options, <path_to_jks_file> should be replaced with the actual path of your crt file.

-Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.trustStore=<path_to_jks_file> 
  • adding_crt_to_java_cacerts.txt
  • Last modified: 2020/11/11 11:18
  • by chongtin