Digital certificate: how to import a .cer file into a .truststore file?

Has anyone come across a situation where they had to deal with a .truststore file, and does anyone know how to import a .cer into a .truststore file?

I'm not sure if I need to use the Java keytool or a Linux command (e.g. the openssl command).

Thanks

+60
digital-certificate truststore
Dec 17 '08 at 0:33
3 answers
    # Copy the certificate into the directory Java_home\Jre\Lib\Security
    # Change your directory to Java_home\Jre\Lib\Security>
    # Import the certificate to a trust store.

    keytool -import -alias ca -file somecert.cer -keystore cacerts -storepass changeit [Return]

    Trust this certificate: [Yes]

changeit is the default truststore password.

+129
Dec 17 '08 at 0:42

Instead of using sed to filter the certificate, you can also pipe the openssl s_client output through openssl x509 -out certfile.txt, for example:

 echo "" | openssl s_client -connect my.server.com:443 -showcerts 2>/dev/null | openssl x509 -out certfile.txt 
+20
May 23 '12 at 20:34

The question is how to import the .cer file into the trust store, but I have a .crt file that I exported from Firefox.

A web search on how to import a .crt into a trust store points to this question. Since I learned how to import a .crt into the trust store, I am answering here as well.

Answer: the same as for .cer files.

By the way, you do not need to specify an alias, and you can enter the keystore password after entering the command:

 keytool -v -import -file somefile.crt -alias somecrt -keystore my-cacerts 

It is preferable to use the cacerts file that is already in your Java installation (jre\lib\security\cacerts), since it already contains secure "popular" certificates.

Update on the differences between cer and crt (just for clarification), according to "Apache with SSL - how to convert CER certificates to CRT?" and user @Spawnrider:

CER is an X.509 certificate in binary form encoded by DER.
CRT is an X.509 binary certificate encapsulated in text (base-64) encoding.
This is not the same encoding.

+2
Sep 14 '16 at 20:24
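
The answers above import a certificate right after saving or fetching it. As an added example (not part of the original answers), these shell functions compare the certificate's SHA-256 fingerprint with a value obtained out of band before calling keytool, and detect PEM versus DER from the file contents. The function names, the TRUSTSTORE_PASS variable and the sample file names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original answers): verify a certificate's
# SHA-256 fingerprint against a value obtained out of band before importing it.

# Normalise a fingerprint: drop colons/spaces, upper-case the hex digits.
norm_fp() { printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F'; }

# Print the SHA-256 fingerprint of certificate file $1. The encoding is
# detected from the content (PEM armour or raw DER), not from the extension.
cert_fingerprint() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then form=PEM; else form=DER; fi
    raw=$(openssl x509 -in "$1" -inform "$form" -noout -fingerprint -sha256 2>/dev/null) || raw=""
    norm_fp "${raw#*=}"   # strip the "sha256 Fingerprint=" label
}

# Import $1 under alias $2 into trust store $3 only if its fingerprint equals $4.
# TRUSTSTORE_PASS is an environment variable name chosen for this example;
# -storepass:env keeps the password off the command line.
import_if_pinned() {
    actual=$(cert_fingerprint "$1")
    if [ -z "$actual" ] || [ "$actual" != "$(norm_fp "$4")" ]; then
        echo "refusing to import $1: fingerprint '$actual' does not match" >&2
        return 1
    fi
    keytool -importcert -noprompt -alias "$2" -file "$1" \
        -keystore "$3" -storepass:env TRUSTSTORE_PASS
}

# Constructed sample input: a throwaway self-signed certificate written
# once as PEM text (pem.crt) and once as binary DER (der.cer) into dir $1.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example.test" -days 1 \
        -keyout "$1/key.pem" -out "$1/pem.crt" 2>/dev/null &&
    openssl x509 -in "$1/pem.crt" -outform DER -out "$1/der.cer"
}
```

Without -noprompt, keytool prints the certificate's fingerprints at the "Trust this certificate" prompt, which is the place to make the same comparison by hand.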