How to search Java Keystore to see if a certificate is on the list:
confirm that Java path is added to the Environment Variables. For example
Variable name: JAVA_HOME Variable value:
C:\Program Files\Java\jre1.8.0_192
Test it:
C:\Users\Test>echo %java_home% C:\Program Files\Java\jre1.8.0_192
Try listing all the certificates in the keystore using this command
C:\Users\Test>keytool -list -keystore "C:\program files\java\jre1.8.0_192\lib\security\cacerts
Enter keystore password:
Keystore type: jks
Keystore provider: SUN
Sample Output:
Your keystore contains 156 entries
verisignclass2g2ca [jdk], Apr 25, 2016, trustedCertEntry,Certificate fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:F2:9D:95:B6:CC:A0:08:1B:97:EC:9Ddigicertassuredidg3 [jdk], Mar 25, 2016, trustedCertEntry,Certificate fingerprint (SHA1): F5:17:A2:4F:48:C6:C9:F8:A2:00:26:9F:DC:0F:48:2C:AB:40:89verisignuniversalrootca [jdk], Feb 25, 2016, trustedCertEntry,Certificate fingerprint (SHA1): 36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:99digicerttrustedrootg4 [jdk], Jan 25, 2016, trustedCertEntry,
Create a text file of the certificate list for easy parsing, do not forget to add a password to the list being generated.
C:\Users\Test>keytool -list -keystore "C:\program files\java\jre1.8.0_192\lib\security\cacerts" > keytool_list.txt
How to Import individual Certs into Java Keystore:
C:\Users\Test>keytool -keystore "C:\program files\java\jre1.8.0_192\lib\security\cacerts" -importcert -file "Name_of_cert_to_import.cer" -alias "Name_of_cert_being_imported"
if imported successfully, the system will ask you if it should trust the certificate, type yes
and then you will get this confirmation message
Certificate was added to keystore
Run this command again and search the text file for the added certificates to make sure they were added correctly.
C:\Users\Test>keytool -list -v -keystore "C:\program files\java\jre1.8.0_192\lib\security\cacerts" > keytool_list.txt
Comments