To add a public key certificate to a keystore, open up the JKS file in Portecle, select Examine SSL/TLS Connection and type in the hostname and port number of the https site you would like add certificate from. Then hit the PEM encoding button and save the certificate to a file. Next click the Import Trusted Certificate button and select the file you exported and hit save. That's it!
To add a trust for a new certificate authority in your truststore you open up your cacerts file (password most likely 'changeit') and add the CA certificate file via the Import Trusted Certificate button. You will need to locate the CA certificate file on your app server and convert it to PEM format if it is not already in that format. For example in WebLogic the CA file is located in the [WebLogic Home]/server/lib directory (CertGenCA.der by default). In IIS you can export the CA file to PEM format through the IIS Management Console. After importing the CA file to your cacerts file your JVM should trust certificates issued by that CA.
No comments:
Post a Comment