“CA certificate in Java keystore”

Introduction

It may be necessary to load a certificate into the Java keystore and make it trustworthy. This may be necessary if, for example, a self-signed certificate from an Exchange server is to be used with the Relution Secure Mail Gateway.

Instructions

  1. Open the Windows command line with administrative authorization

  2. Change to the directory %JAVA_HOME%\lib\security
    The path may vary depending on the Java version and provider.

  3. Execute this command in the CMD (in the example, the certificate is located under C:\temp\mdeCert.cer):

keytool -import -trustcacerts -alias mdecert -file C:\temp\mdeCert.cer -keystore cacerts
  1. If you are asked for a password, enter changeit. This is the default password of the keystore.

  2. If you are asked if you want to trust the certificate, enter yes. The certificate will be imported and a message with the content: “Certificate has been added to the keystore” should appear.