Skip to content

Trust Anchor Installation for Java keystores using keytool⚓︎


Linux 7⚓︎

Bash
1
2
3
4
5
6
7
8
#  create a new Java Trust and import the intermediate CA certificate
keytool -importcert -noprompt -alias intermediate -file INTERMEDIATE.pem -keystore trust.jks -storepass YourPassword

# import the root CA certificate to the Trust
keytool -importcert -noprompt -alias root -file ROOT.pem -keystore trust.jks -storepass YourPassword

# confirm you have the root and intermediate CA certs in the trust
keytool -v -list -keystore trust.jks

Solaris 10⚓︎

Bash
1
2
3
4
5
6
7
8
9
# Copy the pem based certificates for both your Root and Intermediate to the keystore directory
# keystores are most commonly stored in $JAVA_HOME/jre/lib/security/

keytool -import -v -trustcacerts -alias corp-intermediate -file INTERMEDIATE.pem -keystore cacerts
keytool -import -v -trustcacerts -alias corp-root -file ROOT.pem -keystore cacerts

# Verify your PKI certs are now listed in the keystore
keytool -list -keystore cacerts
keytool -list -v -keystore cacerts