Import a Self-Signed Certificate into Java (JBOSS/Tomcat/etc) on Windows/Linux
daniel —Thu, 09/03/2009 - 3:49pm
My scenario, is allowing a java application to call an https address on another computer that has a self-signed certificate. By default the jre will not accept self-signed certificates.
The paths will be slightly different on Linux.
You'll need to know the following paths:
- The path to the certificate file. Usually named something like server.cert
- The path to the jre that you are using. Be aware that you might have more than one jre installed on your machine. You need to use the jre that is being used by the java program that is consuming the certificate.
In my case, that path is:
C:\Program Files (x86)\Java\jdk1.6.0_13\jre\
Once you've figured out the above, you can:
- Start a SuperUser/Administrator console by going to the start menu and right-clicking on the "Command Prompt" program. Select "Run as Administrator".
- Import the certificate
"C:\Program Files (x86)\Java\jdk1.6.0_13\jre\bin\keytool" -import -file C:\enterThePathToTheCertificateHere\server.cert -keypass changeit -keystore "C:\Program Files (x86)\Java\jdk1.6.0_13\jre\lib\security\cacerts" -alias servername
Enter the password "changeit" (yes it really is "changeit")
- Log in to post comments
Comments
Ubuntu Example
Submitted by daniel on Wed, 06/22/2011 - 12:44pmsudo keytool -import -file /etc/ssl/certs/local.crt -keypass changeit -keystore /etc/java-6-sun/security/cacerts -alias localhostupdate for Ubuntu
Submitted by daniel on Thu, 12/20/2012 - 5:13pm/etc/ssl/certs/java/cacerts
mac
Submitted by daniel on Wed, 06/29/2011 - 4:57pmNot that I condone using such a platform, but here is the line for snow leopard:
sudo keytool -import -file server.crt -keypass changeit -keystore /Library/Java/Home/lib/security/cacerts -alias localhostupdate for mac
Submitted by daniel on Thu, 12/20/2012 - 5:11pmyou might need: Library/Java/Home/jre/lib/security/cacerts
Where is the cert?
Submitted by daniel on Wed, 08/22/2012 - 4:45pmIf you don't have easy access to the cert, check out this tool by Andreas Sterbenz (mirrored by Natural Order Development)