How do I import certs into keystore in Azul Zulu JDK 11.
Where is the default keystore used by keytool
Import the certificate file into the JVM truststore using the following keytool command: $ keytool -importcert -alias [alias_of_certificate_entry] -file [path_to_certificate_file] -trustcacerts -keystore /path/to/truststore -storetype [storetype]
/lib/security/cacerts
Took me a while to find it, but found the answer here: https://blogs.oracle.com/jtc/openjdk-10-now-includes-root-ca-certificates
From running Azul's Alpine OpenJDK11 container, FROM azul/zulu-openjdk-alpine:11
, the cacerts file is located at /usr/lib/jvm/java-11-zulu11/jre/lib/security/
.
But, to import new certs into it, you only need to specify the -cacerts switch and the command takes care of the rest.
Below is an example of a command I used in a recent Dockerfile:
keytool -importcert -file <my-crt-file-location> -cacerts -keypass changeit -storepass changeit -noprompt -alias <my-alias>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With