How to Import the Certificate as a Trusted Certificate with keytool


We assume that you have already downloaded the certificate file from your web browser or received it from your client. If you don't have the certificate file, you can get it from Chrome: open the URL and press F12. You can view the certificate and also download it to your local server. If you have the OpenSSL package on your computer, you can also use it to download the certificate file with the command below.

#openssl s_client -showcerts -connect <IP>:<Port> < /dev/null | openssl x509 -outform DER > <Certname.der>

Step 1: Check your Java path

[root@TEST~]# lsof -i :8080
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 3270 appuser 46u IPv6 17141038 0t0 TCP *:webcache (LISTEN)
[root@TEST~]#

[root@TEST~]# ps -ef|grep 3270|awk '{print $8}'
//bin/java
[root@TEST~]# ls -ld /bin/java
lrwxrwxrwx. 1 root root 46 Dec 2 2015 /bin/java -> /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java
[root@TEST~]# ls -ld /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java
-rwxr-xr-x. 1 root root 9904 May 27 2015 /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java
[root@TEST~]#

If your application is running on a Windows server, you should check which Java you use. The command is the same as on Linux: just type "java -version", then go to the Java path under Program Files and find the version of Java that you use.

Step 2: Check your "cacerts" file

[root@TEST~]# ls -ld /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/lib/security/cacerts
lrwxrwxrwx. 1 root root 41 Nov 11 2015 /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/lib/security/cacerts -> ../../../../../../../etc/pki/java/cacerts
[root@TEST~]#cd ../../../../../../../etc/pki/java/

[root@sigortat00 java]# pwd
/etc/pki/java
[root@sigortat00 java]# ls -ld cacerts
-rw-r--r--. 1 root root 195081 Oct 3 14:29 cacerts

Step 3: Import the certificate as a trusted certificate

cacerts: The cacerts file whose location we found in step 2.

alias: It's optional. You can give whatever you want.

File: The path of the new trusted certificate that needs to be added to cacerts. You downloaded or received it before starting step 1.

For Linux:

#/usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/keytool -keystore cacerts -importcert -alias SERtifOTPService -file /tmp/SERtifOTP.cer

For Windows:

"C:\Program Files\Java\jre1.8.0_101\bin\keytool.exe" -keystore "C:\Program Files\Java\jre1.8.0_101\lib\security\cacerts" -importcert -alias TEST -file "C:\Users\TEST\Desktop\TEST.cer"

-After running this command, you first need to type the default password, which is "changeit".

-If you typed the password correctly, it will ask yes or no. Type "yes".

-You can also check whether the certificate was imported successfully.

C:\>"C:\Program Files\Java\jre1.8.0_101\bin\keytool.exe" -list -keystore "C:\Program Files\Java\jre1.8.0_101\lib\security\cacerts"|findstr test
Enter keystore password: changeit
test, Dec 28, 2016, trustedCertEntry,

Now you need to restart your Java process. You should restart your service.
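The steps above add whatever certificate the download returned to the JVM-wide trust store, so it is worth confirming that the file is the one the service owner actually issued before importing it. The following is an added example, not part of the original post: it compares the SHA-256 fingerprint of the DER file with a value obtained out of band and only then runs keytool. The function names, paths, alias and expected fingerprint are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: import a certificate into cacerts only if its SHA-256
# fingerprint matches a value received out of band (for instance from the
# service owner). All arguments are supplied by the caller (assumptions).

# Normalise a fingerprint so "AB:CD:12" and "abcd12" compare equal:
# strip colons, spaces and newlines, then lowercase the hex digits.
norm_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# The SHA-256 fingerprint of a certificate is the SHA-256 of its DER bytes,
# so for the .der file written by the openssl command above a plain file
# hash is enough. (This does not hold for a PEM file.)
der_fp() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 -r "$1" | awk '{print $1}'
    fi
}

# Succeeds only when the file is readable and its fingerprint matches.
fp_matches() {
    [ -r "$1" ] || return 2
    [ "$(der_fp "$1")" = "$(norm_fp "$2")" ]
}

# Usage: import_if_pinned <cert.der> <expected-fp> <alias> <cacerts-path>
# keytool still asks for the keystore password; -noprompt only skips the
# "Trust this certificate?" question, which the check above has answered.
import_if_pinned() {
    der=$1
    expected=$2
    cert_alias=$3
    keystore=$4
    if ! fp_matches "$der" "$expected"; then
        echo "fingerprint mismatch for $der, not importing" >&2
        return 1
    fi
    keytool -importcert -noprompt -keystore "$keystore" \
        -alias "$cert_alias" -file "$der"
}
```

The expected value can be pasted in the colon-separated form that `keytool -printcert -file <cert>` prints on its SHA256 line.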

 


I'm an IT Infrastructure and Operations Architect with extensive experience and administration skills, and I work for Turk Telekom. I provide hardware and software support for the IT Infrastructure and Operations tasks.
