Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

JDK 11 import root ca certificates into keystore

Tags:

azul-zulu

How do I import certs into keystore in Azul Zulu JDK 11.

Where is the default keystore used by keytool

like image 608
DarVar Avatar asked Dec 11 '18 15:12

DarVar


People also ask

How do I import a CA root certificate into the JVM trust store?

Import the certificate file into the JVM truststore using the following keytool command: $ keytool -importcert -alias [alias_of_certificate_entry] -file [path_to_certificate_file] -trustcacerts -keystore /path/to/truststore -storetype [storetype]


2 Answers

/lib/security/cacerts

Took me a while to find it, but found the answer here: https://blogs.oracle.com/jtc/openjdk-10-now-includes-root-ca-certificates

like image 61
Yaytay Avatar answered Sep 20 '22 15:09

Yaytay


From running Azul's Alpine OpenJDK11 container, FROM azul/zulu-openjdk-alpine:11, the cacerts file is located at /usr/lib/jvm/java-11-zulu11/jre/lib/security/.

But, to import new certs into it, you only need to specify the -cacerts switch and the command takes care of the rest.

Below is an example of a command I used in a recent Dockerfile:

keytool -importcert -file <my-crt-file-location> -cacerts -keypass changeit -storepass changeit -noprompt -alias <my-alias>
like image 37
Clayton Avatar answered Sep 20 '22 15:09

Clayton