Importing SSL Certificates into Java Keystore for Application-Wide Trust
To import a self-signed certificate into the Java keystore so that all Java applications trust it by default, follow the steps below:
On Windows:
- Install Portecle: Download and install the Portecle program.
- Identify Java Version: Determine which JRE/JDK is used (e.g., via Process Explorer or `System.getProperty("java.home")`).
- Back Up Keystore: Copy the "cacerts" file from `JAVA_HOME\lib\security` to a different folder.
- Open Keystore with Portecle: In Portecle, open the backed-up "cacerts" file with the password "changeit".
- Import Certificate: Click Tools > Import Trusted Certificate and navigate to the ".pem" certificate file.
- Accept Warning: Confirm the import, accepting the warning about the trust path.
- Save and Replace Keystore: Save the changes and overwrite the original "cacerts" file in `JAVA_HOME\lib\security`.
On Linux:
- Download Certificate: Retrieve the certificate from an existing web server using:

  ```
  $ echo -n | openssl s_client -connect www.example.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/examplecert.crt
  ```
- Verify Certificate: Optionally, verify the certificate information with:

  ```
  $ openssl x509 -in /tmp/examplecert.crt -text
  ```
- Import into Keystore: Import the certificate into the keystore with:

  ```
  $ keytool -import -trustcacerts -keystore /opt/java/jre/lib/security/cacerts \
      -storepass changeit -noprompt -alias mycert -file /tmp/examplecert.crt
  ```
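
An added example (not part of the original article): the Linux steps as one script that refuses to import unless the fetched certificate's SHA-256 fingerprint matches a value obtained out of band, because the `s_client` download accepts whatever the server presents and `-noprompt` skips keytool's own confirmation. The function names, the four arguments and the `.bak` backup name are assumptions of this example.

```shell
#!/bin/sh
# Added example: pin-check a fetched certificate before importing it into cacerts.
# Host, expected fingerprint, keystore path and alias are supplied by the caller.

# Keep only the first PEM certificate block from stdin (s_client prints extra text).
first_pem_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ {on=1}
         on {print}
         /-----END CERTIFICATE-----/ {if (on) exit}'
}

# Normalise "sha256 Fingerprint=AA:BB:.." or "aa:bb:.." to bare uppercase hex.
norm_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Succeeds only when both fingerprints are non-empty and identical.
fp_matches() {
    [ -n "$(norm_fp "$1")" ] && [ "$(norm_fp "$1")" = "$(norm_fp "$2")" ]
}

# usage: import_pinned HOST EXPECTED_SHA256 KEYSTORE ALIAS
import_pinned() {
    host=$1; expected=$2; keystore=$3; name=$4
    crt=$(mktemp) || return 1
    openssl s_client -connect "$host:443" -servername "$host" </dev/null 2>/dev/null \
        | first_pem_cert > "$crt"
    actual=$(openssl x509 -in "$crt" -noout -fingerprint -sha256) || return 1
    if ! fp_matches "$expected" "$actual"; then
        echo "fingerprint mismatch, not importing: $actual" >&2
        rm -f "$crt"; return 1
    fi
    cp -p "$keystore" "$keystore.bak" || return 1   # backup, as in the Windows steps
    keytool -import -trustcacerts -keystore "$keystore" -storepass changeit \
        -noprompt -alias "$name" -file "$crt" || return 1
    rm -f "$crt"
    # Confirm the entry is present and show its fingerprint.
    keytool -list -keystore "$keystore" -storepass changeit -alias "$name"
}

# Runs only when called with four arguments, e.g.:
#   sh import-pinned.sh www.example.com "AA:BB:..." /opt/java/jre/lib/security/cacerts mycert
if [ "$#" -eq 4 ]; then import_pinned "$@"; fi
```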