How to properly import a selfsigned certificate into Java keystore that is available to all Java applications by default

Question

I do want to import a self signed certificate into Java so any Java application that will try to establish a SSL connection will trust this certificate   So far  I managed to import it in  keytool -import -trustcacerts -noprompt -storepass changeit -alias  REMHOST -file  REMHOST pem keytool -import -trustcacerts -noprompt -keystore cacerts -storepass changeit -alias  REMHOST -file  REMHOST pem   Still  when I try to run HTTPSClient class I still get   javax net ssl SSLHandshakeException  sun security validator ValidatorException  PKIX path building failed  sun security provider certpath SunCertPathBuilderException  unable to find valid certification path to requested target

User · Answer

If you are using a certificate signed by a Certificate Authority that is not included in the Java cacerts file by default  you need to complete the following configuration for HTTPS connections  To import certificates into cacerts    Open Windows Explorer and navigate to the cacerts file  which is located in the jre lib security subfolder where AX Core Client is installed  The default location is C  Program Files ACL Software AX Core Client jre lib security Create a backup copy of the file before making any changes  Depending on the certificates you receive from the Certificate Authority you are using  you may need to import an intermediate certificate and or root certificate into the cacerts file  Use the following syntax to import certificates  keytool -import -alias  -keystore  -trustcacerts -file  If you are importing both certificates the alias specified for each certificate should be unique  Type the password for the keystore at the    Password    prompt and press Enter  The default Java password for the cacerts file is    changeit     Type    y    at the    Trust this certificate     prompt and press Enter

User · Answer

Might want to try  keytool -import -trustcacerts -noprompt -keystore  lt full path to cacerts gt  -storepass changeit -alias  REMHOST -file  REMHOST pem   i honestly have no idea where it puts your certificate if you just write cacerts just give it a full path

User · Answer

install certificate in java linux   opt jdk version  bin keytool -import -alias aliasname -file certificate cer -keystore cacerts -storepass password

User · Answer

D  Java jdk1 5 0 10 bin keytool -import -file  D  Certificates SDS services Dev dev-sdsservices-was8 infavig com cer  -keystore  D  Java jdk1 5 0 10 jre lib security cacerts  -alias  sds certificate

User · Answer

The simple command  keytool  also works on Windows and or with Cygwin    IF you re using Cygwin here is the modified command that I used from the bottom of  S Botha s  answer     make sure you identify the JRE inside the JDK that you will be using Start your prompt cygwin as admin go inside the bin directory of that JDK e g    cd  cygdrive c Program  Files Java jdk1 8 0 121 jre bin Execute the keytool command from inside it  where you provide the path to your new Cert at the end  like so     keytool exe -import -trustcacerts -keystore    lib security cacerts  -storepass changeit -noprompt -alias myownaliasformysystem -file  D  Stuff saved-certs ca cert     Notice  because if this is under Cygwin you re giving a path to a non-Cygwin program  so the path is DOS-like and in quotes

User · Answer

fist get the certificate from the provider create a file ends wirth  cer and pase the certificate  copy the text file or  past   it  somewhere you can access it  then use the cmd prompt as an admin and cd to the bin of the jdk  the cammand that will be used is the   keytool   change the  password of the keystore with    keytool  -storepasswd -keystore  quot path of the key store from c  and down quot   the password is   changeit   then you will be asked to enter the new password twice   then type the following    keytool -importcert -file   quot C  Program Files Java jdk-13 0 2 lib security certificateFile cer quot    -alias chooseAname -keystore   quot C  Program Files Java jdk-13 0 2 lib security cacerts quot

User · Answer

On Windows the easiest way is to use the program portecle    Download and install portecle  First make 100  sure you know which JRE or JDK is being used to run your program  On a 64 bit Windows 7 there could be quite a few JREs  Process Explorer can help you with this or you can use  System out println System getProperty  java home     Copy the file JAVA HOME lib security cacerts to another folder  In Portecle click File   Open Keystore File Select the cacerts file Enter this password  changeit Click Tools   Import Trusted Certificate Browse for the file mycertificate pem Click Import Click OK for the warning about the trust path  Click OK when it displays the details about the certificate  Click Yes to accept the certificate as trusted  When it asks for an alias click OK and click OK again when it says it has imported the certificate  Click save  Don   t forget this or the change is discarded  Copy the file cacerts back where you found it    On Linux   You can download the SSL certificate from a web server that is already using it like this     echo -n   openssl s client -connect www example com 443        sed -ne   -BEGIN CERTIFICATE-   -END CERTIFICATE- p   gt   tmp examplecert crt   Optionally verify the certificate information     openssl x509 -in  tmp examplecert crt -text   Import the certificate into the Java cacerts keystore     keytool -import -trustcacerts -keystore  opt java jre lib security cacerts      -storepass changeit -noprompt -alias mycert -file  tmp examplecert crt

User · Answer

I ended up writing a small script that adds the certificates to the keystores  so it is much easier to use   You can get the latest version from https   github com ssbarnea keytool-trust     bin bash   version 1 0   https   github com ssbarnea keytool-trust REMHOST  1 REMPORT   2 -443   KEYSTORE PASS changeit KEYTOOL  sudo keytool      etc java-6-sun security cacerts  for CACERTS in   usr lib jvm java-8-oracle jre lib security cacerts        usr lib jvm java-7-oracle jre lib security cacerts         System Library Java JavaVirtualMachines 1 6 0 jdk Contents Home lib security cacerts          Applications Xcode app Contents Applications Application Loader app Contents MacOS itms java lib security cacerts  do  if   -e   CACERTS    then     echo --- Adding certs to  CACERTS    FYI  the default keystore is located in    keystore  if   -z   REMHOST        then     echo  ERROR  Please specify the server name to import the certificatin from  eventually followed by the port number  if other than 443       exit 1     fi  set -e  rm -f  REMHOST  REMPORT pem  if openssl s client -connect  REMHOST  REMPORT 1 gt  tmp keytool stdout 2 gt  tmp output  lt  dev null         then                   else         cat  tmp keytool stdout         cat  tmp output         exit 1         fi  if sed -ne   -BEGIN CERTIFICATE-   -END CERTIFICATE- p   lt  tmp keytool stdout  gt   tmp  REMHOST  REMPORT pem         then                   else         echo  ERROR  Unable to extract the certificate from  REMHOST  REMPORT               cat  tmp output         fi  if  KEYTOOL -list -storepass   KEYSTORE PASS  -alias  REMHOST  REMPORT  gt  dev null     then     echo  Key of  REMHOST already found  skipping it       else      KEYTOOL -import -trustcacerts -noprompt -storepass   KEYSTORE PASS  -alias  REMHOST  REMPORT -file  tmp  REMHOST  REMPORT pem     fi  if  KEYTOOL -list -storepass   KEYSTORE PASS  -alias  REMHOST  REMPORT -keystore   CACERTS   gt  dev null     then     echo  Key of  REMHOST already found in cacerts  skipping it       else      KEYTOOL -import -trustcacerts -noprompt -keystore   CACERTS  -storepass   KEYSTORE PASS  -alias  REMHOST  REMPORT -file  tmp  REMHOST  REMPORT pem     fi  fi  done

User · Answer

This worked for me        sudo keytool -importcert -file filename cer -alias randomaliasname -keystore  JAVA HOME jre lib security cacerts -storepass changeit

[java] How to properly import a selfsigned certificate into Java keystore that is available to all Java applications by default?

Examples related to java

Examples related to certificate

Examples related to ssl-certificate

Examples related to keystore

Examples related to keytool