How to properly import a selfsigned certificate into Java keystore that is available to all Java applications by default?

by

On Windows the easiest way is to use the program portecle.

  1. Download and install portecle.
  2. First make 100% sure you know which JRE or JDK is being used to run your program. On a 64 bit Windows 7 there could be quite a few JREs. Process Explorer can help you with this or you can use: System.out.println(System.getProperty("java.home"));
  3. Copy the file JAVA_HOME\lib\security\cacerts to another folder.
  4. In Portecle click File > Open Keystore File
  5. Select the cacerts file
  6. Enter this password: changeit
  7. Click Tools > Import Trusted Certificate
  8. Browse for the file mycertificate.pem
  9. Click Import
  10. Click OK for the warning about the trust path.
  11. Click OK when it displays the details about the certificate.
  12. Click Yes to accept the certificate as trusted.
  13. When it asks for an alias click OK and click OK again when it says it has imported the certificate.
  14. Click save. Don’t forget this or the change is discarded.
  15. Copy the file cacerts back where you found it.

On Linux:

You can download the SSL certificate from a web server that is already using it like this:

$ echo -n | openssl s_client -connect www.example.com:443 | \
   sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/examplecert.crt

Optionally verify the certificate information:

$ openssl x509 -in /tmp/examplecert.crt -text

Import the certificate into the Java cacerts keystore:

$ keytool -import -trustcacerts -keystore /opt/java/jre/lib/security/cacerts \
   -storepass changeit -noprompt -alias mycert -file /tmp/examplecert.crt

More Related Contents:

  1. How to import a .cer certificate into a java keystore?
  2. How to fix the “java.security.cert.CertificateException: No subject alternative names present” error?
  3. PKIX path building failed: unable to find valid certification path to requested target
  4. How can I get a list of trusted root certificates in Java?
  5. Java keytool easy way to add server cert from url/port
  6. How to ignore PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException?
  7. How to convert .pfx file to keystore with private key?
  8. Key hash for Facebook Android SDK
  9. Wrong version of keystore on android call
  10. Keytool Signing Problem: Keystore was tampered with, or password was incorrect
  11. Java: Loading SSL Keystore via a resource
  12. Java Keytool error after importing certificate , “keytool error: java.io.FileNotFoundException & Access Denied”
  13. Can we load multiple Certificates & Keys in a Key Store?
  14. “PKIX path building failed” and “unable to find valid certification path to requested target”
  15. Received fatal alert: handshake_failure through SSLHandshakeException
  16. why doesn’t java send the client certificate during SSL handshake?
  17. SSL and cert keystore
  18. Getting RSA private key from PEM BASE64 Encoded private key file
  19. Trust Store vs Key Store – creating with keytool
  20. keytool error Keystore was tampered with, or password was incorrect
  21. Importing the private-key/public-certificate pair in the Java KeyStore [duplicate]
  22. Does Java support Let’s Encrypt certificates?
  23. How do I find out what keystore my JVM is using?
  24. Programmatically Import CA trust cert into existing keystore file without using keytool
  25. How do I securely store encryption keys in java? [closed]
  26. How do I do TLS with BouncyCastle?
  27. Using SSLContext with just a CA certificate and no keystore
  28. How Can I Access an SSL Connection Through Android?
  29. Setting multiple truststore on the same JVM
  30. Is there a java setting for disabling certificate validation? [duplicate]

Leave a Comment