Installing a Root Certificate (HTTPS Only)
If the root certificate of the certification authority (CA) that signed your application server’s (or Web server’s) certificate is not in the trust store by default, or if you are using a proprietary application server or Web server certificate, you must install the root certificate in the trust store. (This step is not needed for ordinary, non-secure HTTP connections, or if the CA’s root certificate is already in the trust store by default.)
Installing a Root Certificate in the Trust Store
-
Import the root certificate.
Execute the command
JRE_HOME/bin/keytool -import -trustcacerts -alias certAlias -file certFile -keystore trustStoreFilewhere certFile is the file containing the root certificate, certAlias is the alias representing the certificate, and trustStoreFile is the file containing your trust store.
-
Confirm that you trust the certificate.
Answer YES to the question Trust this certificate?
-
Identify the trust store to the client application.
In the command that launches the client application, use the -D option to specify the following properties:
javax.net.ssl.trustStore=trustStoreFile javax.net.ssl.trustStorePassword=trustStorePassword
- © 2010, Oracle Corporation and/or its affiliates