Skip to content

escline/InstallCert

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

Blog post from 2006 is no longer available on oracle.com, so changed to the web archive version.
50647b8

Git stats

Files

Permalink
Failed to load latest commit information.

InstallCert.java

Java program written by Andreas Sterbenz and posted on a blog in Oct, 2006. Link to Java program in Andreas' blog no longer works, but the source was linked in another blog.

Usage

Need to compile, first:

javac InstallCert.java

Note since Java 11, you can run it directly without compiling it first:

java --source 11 InstallCert.java <args>

Access server, and retrieve certificate (accept default certificate 1)

java InstallCert [--proxy=proxyHost:proxyPort] <host>[:port] [passphrase]

Extract certificate from created jssecacerts keystore

keytool -exportcert -alias [host]-1 -keystore jssecacerts -storepass changeit -file [host].cer

Import certificate into system keystore

sudo keytool -importcert -alias [host] -keystore [path to system cacerts] -storepass changeit -file [host].cer

Hint: keystore system cacerts path should be located in $JAVA_HOME/lib/security/cacerts if your $JAVA_HOME env var is set.

Note since Java 11, you can use the -cacerts flag instead of -keystore [cacerts path]

sudo keytool -importcert -alias [host] -cacerts -storepass changeit -file [host].cer

Example

java InstallCert woot.com:443

    Loading KeyStore /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/security/cacerts...
    Opening connection to woot.com:443...
    Starting SSL handshake...

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    <...>

    Server sent 1 certificate(s):

     1 Subject O=Woot Inc, C=US, ST=Texas, L=Carrollton, CN=*.woot.com
       Issuer  CN=SecureTrust CA, O=SecureTrust Corporation, C=US
       sha1    4b 46 ca 6b 83 05 b3 51 ff c6 e7 9c fd b3 9b e3 3f 2e c4 53 
       md5     e8 a5 88 1b d5 67 bb fc 88 cc b1 c5 2b ac c4 7d 

    Enter certificate to add to trusted keystore or 'q' to quit: [1]

[enter]

    [
    [
      Version: V3
      Subject: O=Woot Inc, C=US, ST=Texas, L=Carrollton, CN=*.woot.com
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    <...>

    Added certificate to keystore 'jssecacerts' using alias 'woot.com-1'

keytool -exportcert -alias woot.com-1 -keystore jssecacerts -storepass changeit -file woot.com.cer

    Certificate stored in file <woot.com.cer>
  
sudo keytool -importcert -alias woot.com -cacerts -storepass changeit -file woot.com.cer

    Owner: O=Woot Inc, C=US, ST=Texas, L=Carrollton, CN=*.woot.com
    Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
  
    <...>
  
    Trust this certificate? [no]:
  
yes

    Certificate was added to keystore

About

Java program to retrieve server certificate that can be added to local keystore

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages