Search code examples
ssl-certificatekeytool

How to add a plain text certificate to a java keytool cacerts cert store

Recently, someone asked me to add key like this

-----BEGIN CERTIFICATE-----
MIIDT.....
.....
.....w8XMWhBI=
-----END CERTIFICATE-----

to my keystore.

Before, I was usually adding a file like a .pem file to keystore so adding just bunch of text like this to keystore was bit confusing to me and I could not find much info online, so I decided to create SO and provide solution.

Solution
    • First of all, why I got only text like above in my email and not the actual .pem file? It turns out Outlook was blocking pem file so all the user could send me is the text above.
    • How to add this certificate text to keystore? Just copy the text including the entire lines containing the BEGIN CERTIFICATE/END CERTIFICATE text into a file, then save that file (name is however you wish) with .pem extension like my.cert.file.tls.pem.

    Now you can use java keytool to add the .pem certificate to your java keystore:

    keytool -import -alias my.cert.file.tls -keystore ./cacerts -file C:\me\my.cert.file.tls.pem

    To confirm the pem certificate is imported, use

    keytool -list -keystore cacerts

    I did all this in OpenJdk11.