Skip to content

Instantly share code, notes, and snippets.

@dynax60

dynax60/README.md

Last active May 11, 2018 08:47
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save dynax60/fb1d66b944b0394e96a3abcf3d435b87 to your computer and use it in GitHub Desktop.
Save dynax60/fb1d66b944b0394e96a3abcf3d435b87 to your computer and use it in GitHub Desktop.
Download ZIP
How to import Google's PKI to Java
Raw
README.md

Trust Google PKI in Java

  1. Download all Google's CA Certificates from official Google Trust Services: https://pki.goog/
  2. Import all certs to local keystore, say google.certs:
keytool -import -keystore google.certs -nonoprompt -storepass "changeit" -file file.crt
...
  1. Download import.bat and place it in the same directory as google.certs is, then run import.bat to merge cacerts keystore with google's CA certificates. You need Administrator rights to do changes.
Raw
import.bat
@echo off
setlocal
set KEY="HKLM\SOFTWARE\JavaSoft\Java Runtime Environment"
set VALUE=CurrentVersion
reg query %KEY% /v %VALUE% 2>nul || (
echo JRE not installed
exit /b 1
)
set JRE_VERSION=
for /f "tokens=2,*" %%a in ('reg query %KEY% /v %VALUE% ^| findstr %VALUE%') do (
set JRE_VERSION=%%b
)
set KEY="HKLM\SOFTWARE\JavaSoft\Java Runtime Environment\%JRE_VERSION%"
set VALUE=JavaHome
set JAVA_HOME=
for /f "tokens=2,*" %%a in ('reg query %KEY% /v %VALUE% ^| findstr %VALUE%') do (
set JAVA_HOME=%%b
)
if "%JAVA_HOME%" equ "" (
echo JRE not installed
exit /b 1
)
set SRC_KEYSTORE=google.certs
set SRC_KS_PASS="changeit"
set DST_KEYSTORE=%JAVA_HOME%\lib\security\cacerts
set DST_KS_PASS="changeit"
"%JAVA_HOME%\bin\keytool.exe" -importkeystore -srckeystore "%SRC_KEYSTORE%" -srcstorepass "%SRC_KS_PASS%" -destkeystore "%DST_KEYSTORE%" -deststorepass "%DST_KS_PASS%"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment