Adding SSL Certificate to Java Keystore

Posted on Mon 23 November 2015 in Java

This is something that crops up from time to time and is annoying to go Stack Overflow mining each time I need it. So I'm putting it here for my sake, and hope it helps you too:

SITE="github.com"
# get github cert from the server
openssl x509 -in <(openssl s_client -connect $SITE:443 -prexit 2>/dev/null) -out ~/$SITE.crt
# add it to the java keystore (yes, the storepass is literally 'changeit')
/usr/java/default/bin/keytool -noprompt -importcert -file ~/$SITE.crt \
    -alias github -keystore /usr/java/default/jre/lib/security/cacerts -storepass changeit
# clean up
rm ~/$SITE.crt

NOTE: Remove the -noprompt flag if you'd prefer to see the cert before accepting it.

bash java ssl cert keystore