Adding self-signed https certificates to java keystore

Posted: 2007-10-25

There are several reasons you may need to add a self-signed https ssl certificate to your local java keystore.

For me - its so that maven can access DAV shares for repository deployment.

You need to run the following

$JAVA_HOME/bin/keytool -import -alias <some descriptive name> -file <certificate file> -keystore <path to keystore>

For MAC - keystore is $JAVA_HOME/lib/security/jssecacerts

(and JAVA_HOME on the Mac is /System/Library/Frameworks/JavaVM.framework/Versions//Home)

For Windows/Linux - keystore is $JAVA_HOME/jre/lib/security/jssecacerts

Default password is changeit


If you need to install someone else's certificate and they don't have a download link then the following from may help:

# usage: [port]
echo |\
openssl s_client -connect ${REMHOST}:${REMPORT} 2>&1 |\

Update 2013-11-22

Mac certificate file path - the path given above matches the JDKs from Apple. The path for the certificate file if you're using java 7 from oracle on your mac will match the path given for windows/linux above - in other words - from java 7 and on - the path is the same for windows/linux/mac (makes sense since the JDK now comes from the same place).