Securty Cert in Java/Cold Fusion

I have  cold fusion site running on Windows 2008.
I'm trying to connect to an outside web service and the admin on the other end is telling me I need to install this:
I've never see this before or heard of the command that is needed to install it "Keytool".
I tried running keytool in Powershell and on the regular command line but it's not found.

How do I get the keytool utility installed and any other advise on installing this cert?  

I am running CF
The JRE  is 1.60_14

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Unfortunately, I can't stick around tonight, but keytool is executable included with the jvm. The exact location depends on which JVM the CF server is using.  You can find the path under the "Java & JVM" section of the CF Admin screen. For a default install, it's located in {cfroot}\jre\bin  . For example, in CF10 the default path for a single server install is:


The "keystore", or where certificate info is stored, is located in a file called "cacerts".  Again, the location varies, but the default keystore for CF is located at {cfroot}\jre\lib.  Example, in CF10 the default path for a single server install is:


Important: Keystore's are usually protected by a password. The default password is "changeit"  . Obviously, that's a hint that everyone should change the default password.  Just don't lose it or you'll be locked out!

To install a cert, run keytool.exe from the command prompt. If you have multiple versions of java installed, there can be multiple keystores.  A common mistake is importing the cert into the wrong keystore. Be sure you specify the FULL path to keytool.exe name at the command prompt, ie:

   c:\>  C:\ColdFusion10\jre\bin\keytool.exe -import  {... more arguments  here....}

You can find full details on how to install a cert in CF here:
I'm using CF9 on Windows 7 with IIS 7.5 so your ColdFusion paths might vary a little... If you need to install the cert exactly as entrust prescribes, then first download their cert file

I created a folder called "certs" on my C: drive and saved the cert there.

Secondly, I opened the Windows command prompt as an "Administrator". I think on Server 2008 you can right click the command prompt icon and select run as "Administrator".

Now change directory to where the keytool is located. My path for CF9 on Windows 7 64Bit was: C:\coldfusion9\runtime\jre\bin

From this point just modify the sample instructions provided by entrust to install the cert. In my case I used the following line from the Windows command prompt:  
keytool -import -alias root -keystore C:\coldfusion9\runtime\jre\lib\security\cacerts -trustcacerts -file C:\certs\entrust_2048_ca.cer

You will need to enter the "keystore" password as described in the post by agx. Mine was set to the default of "changeit".

If the password is entered correctly, you will be asked if you trust this cert. Type "yes" and press enter.

That should be it if all goes well. I attached a screen shot of what the command prompt dialog will look like.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ColdFusion Language

From novice to tech pro — start learning today.