Java keytool easy way to add server cert from url port

Question

I have a server with a self signed certificate  but also requires client side cert authentication  I am having a rough time trying to get the raw CA server cert so I can import it into a keystore  Anyone have some suggestions on how to easily do that  Thanks

User · Answer

You can export a certificate using Firefox  this site has instructions   Then you use keytool to add the certificate

User · Answer

Was looking at how to trust a certificate while using jenkins cli  and found https   issues jenkins-ci org browse JENKINS-12629 which has some recipe for that   This will give you the certificate   openssl s client -connect   HOST    PORT   lt  dev null   if you are interested only in the certificate part  cut it out by piping it to     sed -ne   -BEGIN CERTIFICATE-   -END CERTIFICATE- p    and redirect to a file    gt    HOST  cert   Then import it using keytool   keytool -import -noprompt -trustcacerts -alias   HOST  -file   HOST  cert       -keystore   KEYSTOREFILE  -storepass   KEYSTOREPASS    In one go   HOST myhost example com PORT 443 KEYSTOREFILE dest keystore KEYSTOREPASS changeme    get the SSL certificate openssl s client -connect   HOST    PORT   lt  dev null         sed -ne   -BEGIN CERTIFICATE-   -END CERTIFICATE- p   gt    HOST  cert    create a keystore and import certificate keytool -import -noprompt -trustcacerts       -alias   HOST  -file   HOST  cert       -keystore   KEYSTOREFILE  -storepass   KEYSTOREPASS     verify we ve got it  keytool -list -v -keystore   KEYSTOREFILE  -storepass   KEYSTOREPASS  -alias   HOST

User · Answer

Just expose dnozay s answer to a function so that we can import multiple certificates at the same time     usr bin env sh  KEYSTORE FILE  path to keystore jks KEYSTORE PASS changeit   import cert       local HOST  1   local PORT  2      get the SSL certificate   openssl s client -connect   HOST    PORT   lt  dev null   sed -ne   -BEGIN CERTIFICATE-   -END CERTIFICATE- p   gt    HOST  cert      delete the old alias and then import the new one   keytool -delete -keystore   KEYSTORE FILE  -storepass   KEYSTORE PASS  -alias   HOST   amp  gt   dev null      create a keystore and import certificate   keytool -import -noprompt -trustcacerts         -alias   HOST  -file   HOST  cert         -keystore   KEYSTORE FILE  -storepass   KEYSTORE PASS     rm   HOST  cert    import cert stackoverflow com 443 import cert www google com 443 import cert 172 217 194 104 443   google

User · Answer

I use openssl  but if you prefer not to  or are on a system  particularly Windows  that doesn t have it  since java 7 in 2011 keytool can do the whole job    keytool -printcert -sslserver host  port  -rfc  gt tempfile  keytool -import  -noprompt  -alias nm -keystore file  -storepass pw   -storetype ty   lt tempfile     or with noprompt and storepass  so nothing on stdin besides the cert  piping works   keytool -printcert -sslserver host  port  -rfc   keytool -import -noprompt -alias nm -keystore file -storepass pw  -storetype ty    Conversely  for java 9 up always  and for earlier versions in many cases  Java can use a PKCS12 file for a keystore instead of the traditional JKS file  and OpenSSL can create a PKCS12 without any assistance from keytool   openssl s client -connect host port  lt  dev null   openssl pkcs12 -export -nokeys  -name nm   -passout option  -out p12file    lt NUL on Windows   default is to prompt for password  but -passout supports several options    including actual value  envvar  or file  see the openssl 1ssl  man page

User · Answer

There were a few ways I found to do this    Firefox  Add Exception -  Get Certificat -  View -  Details -  Export    KeyMan  http   www alphaworks ibm com tech keyman  You can get SSL cert directly from the File -  Import menu InstallCert  Code by Andreas Sterbenz          java InstallCert  host   port       keytool -exportcert -keystore jssecacerts -storepass changeit -file output cert     keytool -importcert -keystore  DESTINATION KEYSTORE  -file output cert

[java] Java keytool easy way to add server cert from url/port

Examples related to java

Examples related to ssl-certificate

Examples related to keytool