java.io.FileNotFoundException: (Operation not permitted) error with ./keytool -import on mac osx (el capitan) - Java 6

Question

Trying to import a CA Cert to my Java 6 truststore and am running into this error:

./keytool -v -import -trustcacerts -alias Rapidssl -file /Users/spurr/Desktop/rapidssl.cer -keystore /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts
Enter keystore password:
Certificate was added to keystore
[Storing /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts]
keytool error: java.io.FileNotFoundException: /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts (Operation not permitted)
java.io.FileNotFoundException: /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts (Operation not permitted)
at java.io.FileOutputStream.open(Native Method)
at java.io.FileOutputStream.<init>(FileOutputStream.java:194)
at java.io.FileOutputStream.<init>(FileOutputStream.java:84)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:902)
at sun.security.tools.KeyTool.run(KeyTool.java:172)
at sun.security.tools.KeyTool.main(KeyTool.java:166)

I'm running that command as root as well so I'd think I have access to that cacerts keystore location. Using Java 6.

Answer 1

Adding Terminal to Full Disk Access helped me. You can follow Jarek's answer, but additionally add Terminal to Full Disk Access.

Answer 2

1. Copy the file and rename it to cacerts_backup
2. Copy the cacerts to your user/downloads (or whatever you want) directory
3. Modify the cacerts file
4. Copy it back and replace the original file

Answer 3

I was hit by similar issue on MacOS Big Sur while starting an jnlp file:

CouldNotLoadArgumentException[ Could not load file/URL specified: /Users/jhartman/Documents/Favorities/NCC/NCC 123.jnlp]
....
Caused by: java.io.FileNotFoundException: /Users/jhartman/Documents/Favorities/NCC/NCC 123.jnlp (Operation not permitted)

Solution for this was:

• Give Java (/usr/bin/java) Full Disk access
• Give Java (/usr/bin/java) Files and Folders access to Downloads, Documents and Folders

Steps

1. Open /usr/bin in Finder, e.g. by invoking from Terminal:

jhartman@MBP ~ % open /usr/bin

2. Localise java (and keytool)

3. Open System Preferences and Security & Privacy. Open Full Disk Access tab and authorise

4. Drag java and keytool from Finder window opened in step 1 and drop onto the App list in Full Disk Access

5. Go to Security & Privacy -> Files and Folders, tick Downloads Folder and Document Folder for java and keytool

It was solution for my problem but I hope it should also sort out keytool issue.

Answer 4

I was running into this for files under my .metadata directory because I put my Eclipse workspace under Documents. Get around this by going into System Preferences->Privacy and adding access to particular Files and Folder for Eclipse or giving Eclipse Full Disk Access.

Answer 5

This seems to be a mac specific issue when the exception states (Operation not permitted) -

For anyone else having this problem you need to reboot your mac and press ⌘+R when booting up. Then go into Utilities > Terminal and type the following commands:

csrutil disable
reboot

You should be able to import cacerts to your Java keystore following that. Don't forget to reenable csrutil after you've imported that cacert. Reboot, press ⌘+R when booting up, Utilities > Terminal, enter:

csrutil enable
reboot