“CA certificate in Java keystore”

Introduction #

It may be necessary to load a certificate into the Java keystore and make it trustworthy. This may be necessary if, for example, a self-signed certificate from an Exchange server is to be used with the Relution Secure Mail Gateway.

Instructions #

1. Open the Windows command line with administrative authorization

2. Change to the directory %JAVA_HOME%\lib\security
   The path may vary depending on the Java version and provider.

3. Execute this command in the CMD (in the example, the certificate is located under C:\temp\mdeCert.cer):

keytool -import -trustcacerts -alias mdecert -file C:\temp\mdeCert.cer -keystore cacerts

4. If you are asked for a password, enter changeit. This is the default password of the keystore.

5. If you are asked if you want to trust the certificate, enter yes. The certificate will be imported and a message with the content: “Certificate has been added to the keystore” should appear.