CODEWITHSUNDEEP
azul-zulu
DarVar
DarVar

Reputation: 18124

JDK 11 import root ca certificates into keystore

How do I import certs into keystore in Azul Zulu JDK 11.

Where is the default keystore used by keytool

Upvotes: 28

Views: 100318

Answers (6)

Yaytay
Yaytay

Reputation: 523

/lib/security/cacerts

Took me a while to find it, but found the answer here: OpenJDK 10 Now Includes Root CA Certificates.

Upvotes: 26

3ygun
3ygun

Reputation: 1452

I installed Azul Zulu Java 8 and Java 11 through SDKMan.

The cacerts file for my instances were as follows:

Java 11

~/.sdkman/candidates/java/11.0.14-zulu/zulu-11.jdk/Contents/Home/lib/security

Java 8

Notice the extra jre/ folder

~/.sdkman/candidates/java/8.0.322-zulu/zulu-8.jdk/Contents/Home/jre/lib/security

Upvotes: 0

Priyanka Wagh
Priyanka Wagh

Reputation: 695

for

adoptopenjdk/openjdk11@sha256:1cf34e59b4f6209c8513a1681a688bf8a90bf433993aa5b3914dcfdb100e9393

, the location for cacerts is:

/opt/java/openjdk/lib/security/cacerts

Upvotes: 1

Lijo
Lijo

Reputation: 6778

For MAC and LINUX openJDK11

first find the jdk location

echo $JAVA_HOME

since keytool and cacerts located in different folder we have to specify the path

go to keytool folder /Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home/bin/security

Sudo keytool -import -noprompt -trustcacerts -alias aliasName -file  /Users/lilojoseph/Desktop/dev.ssk.cer  -keystore  /Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home/lib/security/cacerts -storepass changeit

for checking if certificate is added run below command on same folder

 keytool -list -v -keystore  /Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home/lib/security/cacerts -alias aliasName

Upvotes: 7

Clayton Lovatto
Clayton Lovatto

Reputation: 401

From running Azul's Alpine OpenJDK11 container, FROM azul/zulu-openjdk-alpine:11, the cacerts file is located at /usr/lib/jvm/java-11-zulu11/jre/lib/security/.

But, to import new certs into it, you only need to specify the -cacerts switch and the command takes care of the rest.

Below is an example of a command I used in a recent Dockerfile:

keytool -importcert -file <my-crt-file-location> -cacerts -keypass changeit -storepass changeit -noprompt -alias <my-alias>

Upvotes: 19

Bhargav
Bhargav

Reputation: 415

Path of java 11 trust store is C:\Program Files\Java\jdk-11.0.4\lib\security\cacerts

To import cert in windows use below command.

"C:\Program Files\Java\jdk-11.0.1\bin\keytool" -importcert -file C:\Polarion\bundled\apache\conf\certificate.crt -alias labs.polarion.com -keystore "C:\Program Files\Java\jdk-11.0.1\lib\security\jssecacerts" -storepass changeit

For more info visit, Click here

Upvotes: 9

Related Questions