HomeAdding self-signed https certificates to java keystore

Adding self-signed https certificates to java keystore

Thu, 2007-10-25 09:57 — chris

There are several reasons you may need to add a self-signed https ssl certificate to your local java keystore.

For me - its so that maven can access DAV shares for repository deployment.

You need to run the following


$JAVA_HOME/bin/keytool -import -alias <some descriptive name> -file <certificate file> -keystore <path to keystore>

For MAC - keystore is $JAVA_HOME/lib/security/jssecacerts

(and JAVA_HOME on the Mac is /System/Library/Frameworks/JavaVM.framework/Versions/<your version>/Home)

For Windows/Linux - keystore is $JAVA_HOME/jre/lib/security/jssecacerts

Default password is changeit

Update

If you need to install someone else's certificate and they don't have a download link then the following from (http://www.madboa.com/geek/openssl/#cert-retrieve) may help:

#!/bin/sh
#
# usage: retrieve-cert.sh remote.host.name [port]
#
REMHOST=$1
REMPORT=${2:-443}

echo |\
openssl s_client -connect ${REMHOST}:${REMPORT} 2>&1 |\
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
Technorati Tags:

Reply

  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <p> <pre> <hr>
  • Lines and paragraphs break automatically.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Insert Flickr images: [flickr-photo:id=230452326,size=s] or [flickr-photoset:id=72157594262419167,size=m].
  • Replace [debbug:xxxxx] with a link to the relevant debian bug.
  • Images can be added to this post.
  • You may link to Gallery2 items on this site using a special syntax.
  • Insert Google Map macro.
  • Textual smileys will be replaced with graphical ones.

More information about formatting options

Google