Keytool: Import Certificate – Java Certs

If you use a self-signed SSL certificate or a certificate that has been issued by unknown CA (certificate authority), Java client will raise an exception:

SunCertPathBuilderException: unable to find valid certification path to requested target

To resolve this issue the self-signed certificate or the CA certificate should be imported into Java keystore using a keytool command.

In this note i will show how to import a certificate into Java keystore using the keytool command in a non-interactive way.

I will also show an example of how to import a CA certificate into Java keystore cacerts.

Cool Tip: List Java certificates using keytool -list command! Read more →

Import Certificate using Keytool

Import certificate into Java keystore:

$ keytool -import \
          -trustcacerts \
          -keystore <keystore_file_path> \
          -storepass <keystore_password> \
          -noprompt \
          -alias <certificate_alias> \
          -file <certificate_file_path>
Option Description
-import Import a certificate or a certificate chain
-trustcacerts Trust certificates from ‘cacerts’
-keystore <keystore_file_path> Keystore file path
-storepass <keystore_password> Keystore password (default: changeit)
-noprompt Do not prompt
-alias <certificate_alias> Certificate alias
-file <certificate_file_path> Input certificate file path

Import certificate into Java keystore cacerts:

$ keytool -import \
          -trustcacerts \
          -keystore $JAVA_HOME/jre/lib/security/cacerts \
          -storepass changeit \
          -noprompt \
          -alias intraca \
          -file intraca.cer