How to Import SSL Certificates into the Java Keystore for Application-Wide Trust?

Importing SSL Certificates into Java Keystore for Application-Wide Trust

To import a self-signed certificate into the Java keystore, ensuring trust across all Java applications by default, you can follow the below steps:

On Windows:

1. Install Portecle: Download and install the Portecle program.
2. Identify Java Version: Determine which JRE/JDK is used (e.g., via Process Explorer or System.getProperty("java.home")).
3. Back Up Keystore: Copy the "cacerts" file from JAVA_HOMElibsecurity to a different folder.
4. Open Keystore with Portecle: In Portecle, open the backed-up "cacerts" file with the password "changeit".
5. Import Certificate: Click Tools > Import Trusted Certificate and navigate to the ".pem" certificate file.
6. Accept Warning: Confirm the import, accepting the warning about the trust path.
7. Save and Replace Keystore: Save the changes and overwrite the original "cacerts" file in JAVA_HOMElibsecurity.

On Linux:

1. Download Certificate: Retrieve the certificate from an existing web server using:
   $ echo -n | openssl s_client -connect www.example.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/examplecert.crt
2. Verify Certificate: Optionally, verify the certificate information with:
   $ openssl x509 -in /tmp/examplecert.crt -text
3. Import into Keystore: Import the certificate into the keystore with:
   `$ keytool -import -trustcacerts -keystore /opt/java/jre/lib/security/cacerts
   -storepass changeit -noprompt -alias mycert -file /tmp/examplecert.crt`

The above is the detailed content of How to Import SSL Certificates into the Java Keystore for Application-Wide Trust?. For more information, please follow other related articles on the PHP Chinese website!