Java keytool easy way to add server cert from url/port

by

Was looking at how to trust a certificate while using jenkins cli, and found
https://issues.jenkins-ci.org/browse/JENKINS-12629 which has some recipe for that.

This will give you the certificate:

openssl s_client -connect ${HOST}:${PORT} </dev/null

if you are interested only in the certificate part, cut it out by piping it to:

| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

and redirect to a file:

> ${HOST}.cert

Then import it using keytool:

keytool -import -noprompt -trustcacerts -alias ${HOST} -file ${HOST}.cert \
    -keystore ${KEYSTOREFILE} -storepass ${KEYSTOREPASS}

In one go:

HOST=myhost.example.com
PORT=443
KEYSTOREFILE=dest_keystore
KEYSTOREPASS=changeme

# get the SSL certificate
openssl s_client -connect ${HOST}:${PORT} </dev/null \
    | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${HOST}.cert

# create a keystore and import certificate
keytool -import -noprompt -trustcacerts \
    -alias ${HOST} -file ${HOST}.cert \
    -keystore ${KEYSTOREFILE} -storepass ${KEYSTOREPASS}

# verify we've got it.
keytool -list -v -keystore ${KEYSTOREFILE} -storepass ${KEYSTOREPASS} -alias ${HOST}

More Related Contents:

  1. How to properly import a selfsigned certificate into Java keystore that is available to all Java applications by default?
  2. Java Keytool error after importing certificate , “keytool error: java.io.FileNotFoundException & Access Denied”
  3. “PKIX path building failed” and “unable to find valid certification path to requested target”
  4. Accept server’s self-signed ssl certificate in Java client
  5. Received fatal alert: handshake_failure through SSLHandshakeException
  6. Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  7. Unable to find valid certification path to requested target – error even after cert imported
  8. Trust Store vs Key Store – creating with keytool
  9. PKIX path building failed: unable to find valid certification path to requested target
  10. Importing the private-key/public-certificate pair in the Java KeyStore [duplicate]
  11. Converting a Java Keystore into PEM Format
  12. How do I find out what keystore my JVM is using?
  13. How to ignore PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException?
  14. Programmatically Import CA trust cert into existing keystore file without using keytool
  15. How to convert .pfx file to keystore with private key?
  16. Openssl is not recognized as an internal or external command
  17. Java SSL: how to disable hostname verification
  18. Key hash for Facebook Android SDK
  19. Caused by: java.security.UnrecoverableKeyException: Cannot recover key
  20. Keytool Signing Problem: Keystore was tampered with, or password was incorrect
  21. javax.net.ssl.SSLPeerUnverifiedException: Host name does not match the certificate subject provided by the peer
  22. Cannot send push notifications using Javapns/Javaapns SSL handshake failure
  23. Java7 Refusing to trust certificate in trust store
  24. Where is the Keytool application?
  25. SSL “Peer Not Authenticated” error with HttpClient 4.1
  26. Java: Loading SSL Keystore via a resource
  27. java keytool with opensc pkcs#11 provider only works with debug option enabled
  28. How Can I Access an SSL Connection Through Android?
  29. Is there a java setting for disabling certificate validation? [duplicate]
  30. Ignore self-signed ssl cert using Jersey Client [duplicate]

Leave a Comment