Update the cacerts keystore file

Applies to User Roles:

System Administrator

If you use a private certificate authority to generate an SSL server certificate, you can add the private certificate authority to the list of trusted certificate authorities that exist in the Java cacerts keystore file. Oracle distributes this file with JSSE and with JDK version 1.4.x and later releases. You can then distribute this updated cacerts file to your Service Manager clients so that they can validate the server's signed certificate.

To update the cacerts keystore file:

  1. Log on to server where you installed your private certificate authority.
  2. Open the operating systems command prompt.
  3. Change directories to the Java SDK bin folder.
  4. Type the following command to import your private certificate authority's certificate (for example, cacert.pem) into the Java cacerts file that you publish to the rest of your network. Change the path and variables as necessary.
    keytool -import -keystore ./cacerts -trustcacerts -file cacert.pem -storepass changeit
  5. When keytool prompts you, type y to trust the private certificate authority's certificate.

Related topics

Example: Enabling required SSL encryption
Example: Enabling required SSL encryption and client authentication
Example: Enabling required SSL encryption and trusted clients
Example: Enabling trusted sign-on
Example: Generating a client certificate with OpenSSL
Example: Generating a server certificate with OpenSSL
Example: Viewing the contents of a cacerts file
What are PEM files?
What is a cacerts file?

Related topics

Add a client certificate to the web tier
Add a client certificate to the Windows client