I have a Java application accessing a service that uses a StartCom SSL certificate. For this to work, I need to add the StartCom CA certs to Java's truststore, because they're not in there by default yet. I've succesfully done that on linux using these commands
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca -file ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class1 -file sub.class1.server.ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class2 -file sub.class2.server.ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class3 -file sub.class3.server.ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class4 -file sub.class4.server.ca.crt
(From this script)
The same command (adapted appropriately) doesn't work on Windows however. I get:
keytool error: java.lang.RuntimeException: Usage error, trustcacerts is not a legal command
How to make it work?
I found out that Java has it's own "certificate Store" which is located in a file in the security-folder inside the lib-folder. You could access this from the Java Control Panel -> Security -> Manage Certificates.
On a Windows system, the location of the Java cacerts keystore is: install_dir \jre\lib\security\, and the location of the keytool is install_dir \jre\bin\.
It was a simple typo. In converting the command I forgot a dash before "trustcacerts". :(
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With