On Windows the easiest way is to use the program portecle.
- Download and install portecle.
- First make 100% sure you know which JRE or JDK is being used to run your program. On a 64 bit Windows 7 there could be quite a few JREs. Process Explorer can help you with this or you can use:
System.out.println(System.getProperty("java.home"));
- Copy the file JAVA_HOMElibsecuritycacerts to another folder.
- In Portecle click File > Open Keystore File
- Select the cacerts file
- Enter this password: changeit
- Click Tools > Import Trusted Certificate
- Browse for the file mycertificate.pem
- Click Import
- Click OK for the warning about the trust path.
- Click OK when it displays the details about the certificate.
- Click Yes to accept the certificate as trusted.
- When it asks for an alias click OK and click OK again when it says it has imported the certificate.
- Click save. Don’t forget this or the change is discarded.
- Copy the file cacerts back where you found it.
On Linux:
You can download the SSL certificate from a web server that is already using it like this:
$ echo -n | openssl s_client -connect www.example.com:443 |
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/examplecert.crt
Optionally verify the certificate information:
$ openssl x509 -in /tmp/examplecert.crt -text
Import the certificate into the Java cacerts keystore:
$ keytool -import -trustcacerts -keystore /opt/java/jre/lib/security/cacerts
-storepass changeit -noprompt -alias mycert -file /tmp/examplecert.crt
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…