dwb178

Adding a certificate to Trusted Certificates

Hello all,

Trying to do the same thing that this poster was doing. https://www.experts-exchange.com/questions/22972575/Adding-a-certificate-to-Trusted-Certificates.html?sfQueryTermInfo=1+certif+trust 

I was wondering if anyone had a sample of how to use keytool to do this.
ASKER CERTIFIED SOLUTION
CEHJ
This solution is only available to members.

There is absolutely no point in doing so.

The trust store for self-signed (CA) certificates is the cacert file in the security subdirectory, under lib in the Java home path.

It's easier and quicker to just replace that file from the server with one already imported correctly, rather than trying each time to re-import from a PEM certificate.

Use the keytool command-line executable program provided by Java to add your certificate.

>>It's easier and quicker to just replace that file from the server with one already imported correctly, rather than trying each time to re-import from a PEM certificate.

Surely that would only be the case if each cacerts were identical other than the replacement having the extra required cert?
dwb178

ASKER

Hello all,

Thank you for the suggestions, however, I have not found a solution for my problem. I will elaborate on it a little more in hopes of finding an answer.

The project I am working on displays "Do you want to trust the sign applet by.....   Yes, No, Always". If I choose yes or always, I notice it modifies the C:\Documents and Settings\MyUserName\Application Data\Sun\Java\Deployment\security\deployment.certs file. I have tried using keytool to write to this file using the following command.

keytool.exe -import -file "C:\myCert.csr" -keystore "C:\Documents and Settings\MyUserName\Application Data\Sun\Java\Deployment\security\deployment.certs"

I am prompted for a password. I have tried changeit, "" (without spaces), and my Windows password, and I receive the "keystore was tampered with, or password was incorrect" error message.

Does anyone know what the default password for deployment.certs file is?

I can simply replace the deployment.certs file with a known good one and have it work, but like CEHJ mentioned it would overwrite any changes that have been made to it.
What happens when you use the code at the link I posted?

The cacerts *should* be standardized, if this is a corporate solution. You don't want any certificates in there other than the ones you approved.

>>the cacerts *should* be standardized,

That's probably true, but is a different issue really. If there were a pristine and final certs file that could be copied/used enterprise-wide, that would be fine. How would the certs get into that file in the first place?

>>Does anyone know what the default password for deployment.certs file is?

Did you try 'changeit' ?
dwb178

ASKER

@CEHJ
The tool says it added the certificate and I can see it listed in there using keytool and yes I tried the default password of changeit.

I also tried manually adding the cert to cacerts using keytool using the following command.

keytool -import -file "C:\myCert.csr" -trustcacerts -keystore "C:\Program Files\JavaSoft\JRE\1.4.2_13\lib\security\cacerts"

I enter yes when asked Trust this certificate.

I followed this tutorial http://www.mobilefish.com/tutorials/java/java_quickguide_keytool.html skipping steps 1-8 since the cert I have is already signed by Verisign; however, I don't see the cert when I pull it up in Java Control Panel.
SOLUTION
This solution is only available to members.
>> however, don't see the cert when I pull it up in Java Control Panel.

Make sure you've added it to the right JRE - that one you mentioned is pretty old.
dwb178

ASKER

Thanks for your help guys. I ended up updating Java to at least version 1.5 and using the following command:

keytool.exe -import -file c:\my_cert.csr -keystore "C:\Documents and Settings\myuser\Application Data\Sun\Java\Deployment\security\trusted.certs" -storepass "" -noprompt

:-)
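
The thread's point that a shared cacerts should hold only approved certificates can be checked after an import like the one above. The following is an added example, not code from any poster: it parses `keytool -list` output and compares fingerprints against an allow-list. The listing, aliases, fingerprints and allow-list are constructed, and the listing layout (an entry line followed by a "Certificate fingerprint" line) is an assumption about the keytool version in use.

```python
import re

FP_LINE = re.compile(r"^Certificate fingerprint \(([^)]+)\):\s*([0-9A-Fa-f:]+)$")

def normalize(fp):
    """Compare fingerprints without colons and case-insensitively."""
    return fp.replace(":", "").upper()

def parse_listing(text):
    """Return [(alias, entry_type, algorithm, fingerprint)] from `keytool -list` output."""
    entries, prev = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        m = FP_LINE.match(line)
        if m and prev:
            # Entry line: "<alias>, <date>, <entry type>," (the date itself contains a comma)
            fields = [f.strip() for f in prev.rstrip(", ").split(",")]
            entries.append((fields[0], fields[-1], m.group(1), normalize(m.group(2))))
        prev = line
    return entries

def audit(text, approved):
    """Return (unexpected trusted entries, approved fingerprints not present)."""
    approved = {normalize(fp) for fp in approved}
    trusted = [e for e in parse_listing(text) if e[1] == "trustedCertEntry"]
    unexpected = [(alias, fp) for alias, _, _, fp in trusted if fp not in approved]
    missing = sorted(approved - {fp for _, _, _, fp in trusted})
    return unexpected, missing

def fake_fp(byte):
    """Constructed 20-byte fingerprint such as AA:AA:...:AA (not a real certificate)."""
    return ":".join([byte] * 20)

# Constructed listing; "mykey" is the alias keytool assigns when -alias is omitted.
SAMPLE = "\n".join([
    "Keystore type: JKS",
    "Keystore provider: SUN",
    "",
    "Your keystore contains 2 entries",
    "",
    "corp-root-ca, Mar 4, 2008, trustedCertEntry,",
    "Certificate fingerprint (SHA1): " + fake_fp("AA"),
    "mykey, Mar 5, 2008, trustedCertEntry,",
    "Certificate fingerprint (SHA1): " + fake_fp("BB"),
])
APPROVED = [fake_fp("aa"), fake_fp("CC")]  # hypothetical allow-list

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE, APPROVED)
    print("unexpected trusted entries:", unexpected)
    print("approved but absent:", missing)
```

Feed it the real output of `keytool -list -keystore <file>` in place of `SAMPLE` to audit an actual trust store.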