How do I import a .jks file into the java security's truststore? All the tutorials I'm seeing are using a ".crt" file. However, I only have the ".jks" file which is also the keystore I generated using the keytool command.
Currently, I'm following this tutorial.
I was able to generate a Java keystore and key pair and generate a certificate signing request (CSR) for an existing Java keystore, which is based on the tutorial. But I cannot import a root or intermediate CA certificate to an existing Java keystore, and import a signed primary certificate to an existing Java keystore, because it is looking for a ".cert" file.
Am I missing something in the steps listed in the tutorial? How can I trust a certificate if the only file I have is the ".jks" file? And what is the use of the ".csr" file?
Please note that I'm using Windows.
Import the certificate file into the JVM truststore using the following keytool command:
$ keytool -importcert -alias [alias_of_certificate_entry] -file [path_to_certificate_file] -trustcacerts -keystore /path/to/truststore -storetype [storetype]
Truststore file, cacerts.jks, contains the Application Server's trusted certificates, including public keys for other entities. For a trusted certificate, the server has confirmed that the public key in the certificate belongs to the certificate's owner.
JKS keystore type jks extension that are stored in the zFS file system. The JKS is referenced by the keyStore element in the server.xml configuration file. You can use a JKS for both keystores and truststores.
The ".jks" is the truststore, or at least it should be if you assign it to JSSE. You should add the certificates from your CA to that file. The software will then look up the certificate chain by iterating through the certificates. The private key should remain in the (password protected) ".jks" file.
In other words, you should import certificates to the ".jks", not export certificates out of it. You may have to download the certificates of your specific provider separately if they are not included in the response of your certificate request. You probably could export them from your favourite browser as well. Normally these are stored in X.509 DER format (which should be compatible with the Java keytool).
Steps (in general):
# Use Keytool command to generate a self-signed certificate and install the certificate in Client Machine JDK Security Key store path.
# generate a certificate using JKS format keystore
keytool -genkey -alias selfrest -keyalg RSA -keypass pass123 -storetype JKS -keystore selfsigned.jks -storepass pass123 -validity 360 -keysize 2048
# To check the content of the keystore, we can use keytool again:
keytool -list -v -keystore selfsigned.jks
# Export self-signed certificate into .cer file
keytool -exportcert -alias selfrest -keystore selfsigned.jks -file selfsigned.cer
# (Run As Administrator- to open CMD.exe)
# Install self-signed certificate into Java JDK CA Certificate key store path
# to avoid giving certificate path in the client program.
keytool -import -alias selfrest -keystore "C:\Program Files\Java\jdk1.8.0_181\jre\lib\security\cacerts" -file selfsigned.cer
# List certificates stored in JDK Key store which you have just now imported into JDK Security path.
keytool -list -keystore "%JAVA_HOME%\jre\lib\security\cacerts"
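An added example, not part of the question or the answers above: building a separate truststore from the keystore ".jks" with the `java.security.KeyStore` API, so that only the public certificates are trusted and the private key stays in the original file. The file names `keystore.jks` and `truststore.jks`, the default password `changeit`, and the class name are assumptions for illustration.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

public class JksToTruststore {
    public static void main(String[] args) throws Exception {
        // Assumed defaults (not from the page); override on the command line.
        String source = args.length > 0 ? args[0] : "keystore.jks";
        char[] sourcePass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        String target = args.length > 2 ? args[2] : "truststore.jks";
        char[] targetPass = (args.length > 3 ? args[3] : "changeit").toCharArray();

        KeyStore keystore = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(source))) {
            keystore.load(in, sourcePass);
        }

        // An empty in-memory store: load(null, null) initialises it without a file.
        KeyStore truststore = KeyStore.getInstance("JKS");
        truststore.load(null, null);

        for (String alias : Collections.list(keystore.aliases())) {
            // For a private key entry this is the first certificate of its chain;
            // for a trusted certificate entry it is the certificate itself.
            Certificate cert = keystore.getCertificate(alias);
            if (cert == null) {
                continue; // defensive: entry without a certificate
            }
            // setCertificateEntry stores the public certificate only.
            truststore.setCertificateEntry(alias, cert);
            System.out.printf("%s: certificate copied (source was a %s)%n", alias,
                    keystore.isKeyEntry(alias) ? "private key entry" : "trusted certificate entry");
        }
        // Fail before writing if any key material ended up in the truststore.
        for (String alias : Collections.list(truststore.aliases())) {
            if (truststore.isKeyEntry(alias)) {
                throw new IllegalStateException("key entry in truststore: " + alias);
            }
        }
        try (OutputStream out = Files.newOutputStream(Paths.get(target))) {
            truststore.store(out, targetPass);
        }
        System.out.println("Wrote " + truststore.size() + " trusted certificate(s) to " + target);
    }
}
```

The resulting file can be given to a client JVM with `-Djavax.net.ssl.trustStore=truststore.jks`, which avoids modifying the JDK-wide `cacerts` file.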