How to import a jks certificate in java trust store

java ssl https keytool jks
67,382

Solution 1

The ".jks" is the truststore, or at least it should be if you assign it to JSSE. You should add the certificates from your CA to that file. The software will then look up the certificate chain by iterating through the certificates. The private key should remain in the (password protected) ".jks" file.

In other words, you should import certificates to the ".jks" not export certificates out of it. You may have to download the certificates of your specific provider separately if they are not included in the response of your certificate request. You proabably could export them from your favourite browser as well. Normally these are stored in X5.09 DER format (which should be compatible with the Java keytool).

Steps (in general):

  1. Generate a key pair & cert request, store into new or existing key store (.jks)
  2. Send the certificate request to be signed, obtain chain starting with the certificate that you requested
  3. Import certificate chain into key store with private key
  4. Generate new or use existing key store for the party that needs to do the verification (at least one or more clients when using SSL), and import the certificate chain
  5. Trust a certicificate in the certificate chain in the above key store, probably the top most certificate (the "root" certificate).
  6. Configure and test the parties, e.g. a server using the key store with the private key and multiple clients using the latter key store.

Solution 2

#Use Keytool command to generate a self-signed certificate and install the certificate in Client Machine JDK Security Key store path.

# generate a certificate using JKS format keystore
keytool -genkey -alias selfrest -keyalg RSA -keypass pass123 -storetype JKS -keystore selfsigned.jks -storepass pass123 -validity 360 -keysize 2048

# To check the content of the keystore, we can use keytool again:
keytool -list -v -keystore selfsigned.jks

#Export Self signed certificate into .cer file
keytool -exportcert -alias selfrest -keystore selfsigned.jks -file selfsigned.cer

# (Run As Administrator- to open CMD.exe)
# Install self-signed certificate into Java JDK CA Certificate key store path
# to avoid giving certificate path in the client program.
keytool -import -alias selfrest -keystore "C:\Program Files\Java\jdk1.8.0_181\jre\lib\security\cacerts" -file selfsigned.cer

# List certificates stored in JDK Key store which you have just now imported into JDK Security path.
keytool -list -keystore "%JAVA_HOME%\jre\lib\security\cacerts
Share:
67,382
Arci
Author by

Arci

An Android and J2EE developer.

Updated on July 05, 2022

Comments

  • Arci
    Arci almost 2 years

    How do I import a .jks file into the java security's truststore? All the tutorial I'm seeing is using a ".crt" file. However, I only have the ".jks" file which is also the keystore I generated using the keytool command.

    Currently, I'm following this tutorial.

    I was able to generate a Java keystore and key pair and generate a certificate signing request (CSR) for an existing Java keystore, which is based on the tutorial. But I cannot import a root or intermediate CA certificate to an existing Java keystore, and import a signed primary certificate to an existing Java keystore, because it is looking for a ".cert" file.

    Am I missing something on the steps listed on the tutorial? How can I trust a certificate if the only file I have is the ".jks" file? And what is the use of the ".csr" file?

    Please note that I'm using Windows.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to automatically install self signed certificate in IE Trusted Root Certification Authorities store
java.lang.Exception: Public keys in reply and keystore don't match
Accept server's self-signed ssl certificate in Java client
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Flutter https with self signed certificate
javax.net.ssl.SSLException: Certificate for <> doesn't match any of the subject alternative names: []
Using BouncyCastle for a simple HTTPS query
How to enable TLSv1.2 in JAVA 7u80 client
Where the KeyStore password and key password stored
Android SSL https post