BowerStudios.com

  • My Lab
  • Family
  • Friends
  • Professional
  • About
Home

Import a Self-Signed Certificate into Java (JBOSS/Tomcat/etc) on Windows/Linux

daniel —Thu, 09/03/2009 - 3:49pm

  • Java

My scenario, is allowing a java application to call an https address on another computer that has a self-signed certificate. By default the jre will not accept self-signed certificates.

The paths will be slightly different on Linux.

You'll need to know the following paths:

  • The path to the certificate file. Usually named something like server.cert
  • The path to the jre that you are using. Be aware that you might have more than one jre installed on your machine. You need to use the jre that is being used by the java program that is consuming the certificate.
    In my case, that path is:
    C:\Program Files (x86)\Java\jdk1.6.0_13\jre\

Once you've figured out the above, you can:

  • Start a SuperUser/Administrator console by going to the start menu and right-clicking on the "Command Prompt" program. Select "Run as Administrator".
  • Import the certificate
    "C:\Program Files (x86)\Java\jdk1.6.0_13\jre\bin\keytool" -import -file C:\enterThePathToTheCertificateHere\server.cert -keypass changeit -keystore "C:\Program Files (x86)\Java\jdk1.6.0_13\jre\lib\security\cacerts" -alias servername
    Enter the password "changeit" (yes it really is "changeit")
  • Log in to post comments

Comments

Ubuntu Example

Submitted by daniel on Wed, 06/22/2011 - 12:44pm

sudo keytool -import -file /etc/ssl/certs/local.crt -keypass changeit -keystore /etc/java-6-sun/security/cacerts -alias localhost

  • Log in to post comments

update for Ubuntu

Submitted by daniel on Thu, 12/20/2012 - 5:13pm

/etc/ssl/certs/java/cacerts

  • Log in to post comments

mac

Submitted by daniel on Wed, 06/29/2011 - 4:57pm

Not that I condone using such a platform, but here is the line for snow leopard:
sudo keytool -import -file server.crt -keypass changeit -keystore /Library/Java/Home/lib/security/cacerts -alias localhost

  • Log in to post comments

update for mac

Submitted by daniel on Thu, 12/20/2012 - 5:11pm

you might need: Library/Java/Home/jre/lib/security/cacerts

  • Log in to post comments

Where is the cert?

Submitted by daniel on Wed, 08/22/2012 - 4:45pm

If you don't have easy access to the cert, check out this tool by Andreas Sterbenz (mirrored by Natural Order Development)

  • Log in to post comments

Navigation

  • Search
  • Recent content
  • Contact Me
  • Mail
  • Pass Hasher
  • Bower Studios Admin

Quotes

daniel —Fri, 08/25/2006 - 10:16pm

Apply your heart to instruction and your ears to words of knowledge.

—

Proverbs 23:11

  • Log in to post comments
  • daniel's quotes

Popular content

Last viewed:

  • mysqldump: Got error: 144: Table 'mytablename' is marked as crashed and last (automatic?) repair failed when using LOCK TABLES
  • Miss America in 1921
  • CPA Links
  • Ownership & Permissions Guide
  • Create a random string with Groovy

Copyright 2018 Daniel Bower
  • My Lab
  • Family
  • Friends
  • Professional
  • About