If you use a self-signed SSL certificate or a certificate that has been issued by unknown CA (certificate authority), Java client will raise an exception:
SunCertPathBuilderException: unable to find valid certification path to requested target
To resolve this issue the self-signed certificate or the CA certificate should be imported into Java keystore using a keytool command.
In this note i will show how to import a certificate into Java keystore using the keytool command in a non-interactive way.
I will also show an example of how to import a CA certificate into Java keystore cacerts.
Cool Tip: List Java certificates using keytool -list command! Read more →
Import Certificate using Keytool
Import certificate into Java keystore:
$ keytool -import \
-trustcacerts \
-keystore <keystore_file_path> \
-storepass <keystore_password> \
-noprompt \
-alias <certificate_alias> \
-file <certificate_file_path>
| Option | Description |
|---|---|
-import |
Import a certificate or a certificate chain |
-trustcacerts |
Trust certificates from ‘cacerts’ |
-keystore <keystore_file_path> |
Keystore file path |
-storepass <keystore_password> |
Keystore password (default: changeit) |
-noprompt |
Do not prompt |
-alias <certificate_alias> |
Certificate alias |
-file <certificate_file_path> |
Input certificate file path |
Import certificate into Java keystore cacerts:
$ keytool -import \
-trustcacerts \
-keystore $JAVA_HOME/jre/lib/security/cacerts \
-storepass changeit \
-noprompt \
-alias intraca \
-file intraca.cer
Simple and useful. Thanks!