dwb178
asked on
Adding a certificate to Trusted Certificates
Hello all,
Trying to do the same thing that this poster was doing. https://www.experts-exchange.com/questions/22972575/Adding-a-certificate-to-Trusted-Certificates.html?sfQueryTermInfo=1+certif+trust
I was wondering if anyone had a sample of how to use keytool to do this.
Trying to do the same thing that this poster was doing. https://www.experts-exchange.com/questions/22972575/Adding-a-certificate-to-Trusted-Certificates.html?sfQueryTermInfo=1+certif+trust
I was wondering if anyone had a sample of how to use keytool to do this.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
use keytool command line executable program provided by java to add your certificate.
>>
its easier and quicker to just replace that file from the server with one already imported correctly, rather than trying each time to re-import from a pem certificate.
>>
Surely that would only be the case if each cacerts were identical other than the replacement having the extra required cert?
its easier and quicker to just replace that file from the server with one already imported correctly, rather than trying each time to re-import from a pem certificate.
>>
Surely that would only be the case if each cacerts were identical other than the replacement having the extra required cert?
ASKER
Hello all,
Thank you for the suggestions, however, I have not found a solution for my problem. I will elaborate on it a little more in hopes of finding an answer.
The project I am working on displays "Do you want to trust the sign applet by..... Yes, No, Always". If I choose yes or always, I notice it modifies the C:\Documents and Settings\MyUserName\Applic ation Data\Sun\Java\Deployment\s ecurity\de ployment.c erts file. I have tried using keytool to write to this file using the following command.
keytool.exe -import -file "C:\myCert.csr" -keystore "C:\Documents and Settings\MyUserName\Applic ation Data\Sun\Java\Deployment\s ecurity\de ployment.c erts"
I am prompted for a password. I have tried changeit, "" (without spaces), and my Windows password and receive "keystore was tampered with, or password was incorrect" error message.
Does anyone know what the default password for deployment.certs file is?
I can simply replace the deployment.certs file with a known good one and have it work, but like CEHJ mentioned it would overwrite any changes that have been made to it.
Thank you for the suggestions, however, I have not found a solution for my problem. I will elaborate on it a little more in hopes of finding an answer.
The project I am working on displays "Do you want to trust the sign applet by..... Yes, No, Always". If I choose yes or always, I notice it modifies the C:\Documents and Settings\MyUserName\Applic
keytool.exe -import -file "C:\myCert.csr" -keystore "C:\Documents and Settings\MyUserName\Applic
I am prompted for a password. I have tried changeit, "" (without spaces), and my Windows password and receive "keystore was tampered with, or password was incorrect" error message.
Does anyone know what the default password for deployment.certs file is?
I can simply replace the deployment.certs file with a known good one and have it work, but like CEHJ mentioned it would overwrite any changes that have been made to it.
What happens when you use the code at the link i posted?
the cacerts *should* be standardized, if this is a corporate solution. you don't want any certificates in there other than the ones you approved.
>>the cacerts *should* be standardized,
That's probably true, but is a different issue really, If there were a pristine and final certs file that could be copied/used enterprise wide, that would be fine. How would the certs get into that file in the first place?
>>Does anyone know what the default password for deployment.certs file is?
Did you try 'changeit' ?
That's probably true, but is a different issue really, If there were a pristine and final certs file that could be copied/used enterprise wide, that would be fine. How would the certs get into that file in the first place?
>>Does anyone know what the default password for deployment.certs file is?
Did you try 'changeit' ?
ASKER
@CEHJ
The tool says it added the certificate and I can see it listed in there using keytool and yes I tried the default password of changeit.
I also tried manually adding the cert to cacerts using keytool using the following command.
keytool -import -file "C:\myCert.csr" -trustcacerts -keystore "C:\Program Files\JavaSoft\JRE\1.4.2_1 3\lib\secu rity\cacer ts"
I enter yes when asked Trust this certificate.
I followed this tutorial http://www.mobilefish.com/tutorials/java/java_quickguide_keytool.html skipping steps 1-8 since the cert I have is already signed by Verisign, however, don't see the cert when I pull it up in Java Control Panel.
The tool says it added the certificate and I can see it listed in there using keytool and yes I tried the default password of changeit.
I also tried manually adding the cert to cacerts using keytool using the following command.
keytool -import -file "C:\myCert.csr" -trustcacerts -keystore "C:\Program Files\JavaSoft\JRE\1.4.2_1
I enter yes when asked Trust this certificate.
I followed this tutorial http://www.mobilefish.com/tutorials/java/java_quickguide_keytool.html skipping steps 1-8 since the cert I have is already signed by Verisign, however, don't see the cert when I pull it up in Java Control Panel.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>> however, don't see the cert when I pull it up in Java Control Panel.
Make sure you've added it the right JRE - that one you mentioned is pretty old
Make sure you've added it the right JRE - that one you mentioned is pretty old
ASKER
Thanks for your help guys. I ended up updating Java to at least version 1.5 and using the following command:
keytool.exe -import -file c:\my_cert.csr -keystore "C:\Documents and Settings\myuser\Applicatio n Data\Sun\Java\Deployment\s ecurity\tr usted.cert s" -storepass "" noprompt
keytool.exe -import -file c:\my_cert.csr -keystore "C:\Documents and Settings\myuser\Applicatio
:-)
the trust store for self signed (CA) certificates is the cacert file in the security subdirectory, under lib in the java home path.
its easier and quicker to just replace that file from the server with one already imported correctly, rather than trying each time to re-import from a pem certificate.