Reputation: 856
Recently our server got upgraded to SHA-256 based SSL certificate. And from then we are facing javax.naming.CommunicationException
. In order to resolve this issue i need to add/append a set of Certificate Chain into CACERTS file under the path /usr/lib/jvm/jre/lib/security
of our server.
I found this link of SO which explains the steps to achieve this through a program. Can any one suggest how to add these certificate chains into the cacerts file through linux commands.
Upvotes: 2
Views: 16351
Reputation: 640
From the linux command prompt issue the command:
/usr/lib/jvm/jre/bin/keytool -import -alias <> -file <> -keystore cacerts
That command uses the Java keystore tool to import the new cert file into the existing cacerts file. The <> is whatever you want to call the cert. The <> is the actual file you want imported.
If you are prompted for a password, the default keystore password is 'changeit'.
Repeat for each new cert file you want added.
Upvotes: 2
Reputation: 7810
You should use the keytool
utility from the Java distribution, in your case it should be under /usr/lib/jvm/bin directory.
keytool -importcert -file your_cert_file_here \
-keystore /usr/lib/jvm/jre/lib/security/cacerts -storepass changeit
Upvotes: 1