keytool -import -keystore cacerts -file key.cet
It will ask for a password and default password of java key-store is : changeit
[root@test]# keytool -import -keystore cacerts -file localhost.test.com
Enter keystore password:
Owner: CN=localhost.test.com, OU=imts, O=test, L=chennai, ST=tn, C=in
Issuer: CN=localhost.test.com, OU=imts, O=test, L=chennai, ST=tn, C=in
Serial number: 60ff54ca
Valid from: Mon Jul 27 17:56:08 IST 2015 until: Sun Oct 25 17:56:08 IST 2015
Certificate fingerprints:
MD5: 01:69:0F:01:A5:29:7E:6A:56:BD:50:27:BF:8A:B3:D8
SHA1: 89:72:92:0C:35:80:AC:BE:4A:63:7A:66:29:24:B4:8E:DE:D6:4B:2A
Signature algorithm name: SHA256withRSA
Version: 3Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 62 BE 8B 52 3B 74 8B F5 0F FE DB B6 FD 72 A2 07 b..R;t…….r..
0010: 9E F7 54 C8 ..T.
]
]Trust this certificate? [no]: yes
Certificate was added to keystore
Where key.cet is my keystore file generated by keytool of Java.
We can get the certificate from browser also
Steps to download from browser
- Hit the URL from which you want to download the certificate.
- Then click lock icon in top left corner
- Click More information then View certificate information.
- Click on details information there you will find a export option to export the certificate.
Note: Steps are explained for Firefox for other browsers it may wary little.
If we didn’t import the certificate properly we may get the exceptions as show below
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The https URL hostname does not match the Common Name (CN) on the server certificate
Key point here is while generating the self signed certificate keep in mind always CN should be your domain name or (ip/host name) of the server where it is going to be installed.