Run the SSLCertUtility

After you have downloaded the utility, you can run it to import the certificates.

As you run the utility, it prompts you with a series of questions.

To run the utility:

1. In the directory where you extracted the contents of the zip file you downloaded, open a terminal window.
2. Enter ./sslcertutiltool.sh and press Enter.
3. Enter the URL of the server from which you want to import the certificates, for example, https://www.example.com and press Enter.
4. Enter the location of the keystore to which you want to import the certificates. This should be a full, absolute path to the keystore, such as example/oracle/jdkl.8.0_161/jre/lib/security/certs. Press Enter.
5. Enter the keystore password and press Enter.
6. Specify the certificate types you want to import. The options are IM, CA, and SS. Press Enter.
7. Depending on which certificate type you specified, the utility asks if you have an alias for the certificate. If you answer “y” (yes), it then prompts you for the alias.
8. The utility then asks if you need a proxy to connect to the server. If you answer “y” (yes), you are prompted for the proxy host, such as www-proxy.us.example.com, and the proxy port.
9. Specify whether you want the utility to run in debug mode. While you can specify either “y” (yes) or “n” (no), yes is recommended, so you can see all the details step-by-step.

The utility creates a backup of your keystore file before doing any changes. The backup is created in the same directory that holds the key store file that you have provided and has the .backup extension. If anything goes wrong, you can revert to the backup.