Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Bash Commands to Export Cert and Import into Java Truststore

Command to export a cert from a website to a .cer file (example uses Tested with git-bash shell on Windows. Assume similar on Mac?

openssl s_client -servername -connect </dev/null 2>/dev/null | openssl x509 -inform PEM -outform DER -out

Command to import into local java truststore (use your own location of JAVA_HOME)

"$JAVA_HOME"/bin/keytool -keystore "$JAVA_HOME"/jre/lib/security/cacerts -importcert -alias -file

  • default java keystore password is changeit
  • if you get an update denied message, in Windows File Explorer set security on cacerts file to MODIFY for all Users (or chmod on linux)
  • if keytool is not found, define a JAVA_HOME environment variable (or replace $JAVA_HOME with the full path)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment