Skip to content

Adding a Server Certificate to Java Keystore

August 16, 2012

Note: The default password for Keytool is: changeit


  1. Get the certificate
    • How to get the certificate with Firefox
      1. Open Firefox
      2. Navigate to the server you wish to get the certificate from (should connect to the server of an HTTPS connect)
      3. To the very left of the URL you will see a padlock image. Click on it and click more information.
      4. Click View Certificate
      5. Click on the Details tab
      6. Click Export and save it on your hard drive as a PEM file.
  2. Import the servers certificate into Java Keystore
    1. Open a command prompt window
    2. Change directory to the JDK’s JRE that you wish to add the certificate to and go into the lib/security folder.
      cd C:\Program Files\Java\jdk1.6.0_25\jre\lib\security
    3. create a backup copy of the cacerts file.
      COPY cacerts
  3. Use the keytool to add the certificate
    keytool -import -file {Certificate Location} -keystore cacerts -alias {some unique name for the cert}
    • Note: if you get the error “keytool error: java.lang.Exception: Certificate not imported, alias <mykey> already exists”, then a certificate already exists with the alias name you’ve entered. Try a different one.

Other Actions with Keytool

  • List Keytool functions
    keytool -help
  • List Certificates in keystore
    keytool -list -keystore cacerts

Useful Tools


From → Guide

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: