3.4.1.2 Import Identity Certificate
You can import the identity certificate into the keystore using the command.
keytool -importcert -alias alias -file cert_file -
trustcacerts -keystore keystore
In the above command,
Table 3-6 Description of Placeholders
Placeholder | Description |
---|---|
|
|
|
|
|
|
The trustcacerts flag is used to consider other certificates (intermediate CAs and the root CA) in the chain of trust. If no chain of trust is established during verification, the certificate will be displayed and one would be prompted to verify it. It is recommended that due diligence be observed when the prompt is displayed to verify a certificate when a chain of trust is absent.
A sample execution of the command is listed below:
D:\Oracle\weblogic11g\jrockit_160_05_R27.6.2-20\bin>keytool - importcert
-alias cvrhp0729 -file D:\keystores\cvrhp0729.cer - trustcacerts
-keystore
D:\keystoreworkarea\AdminOBREMOKeyStore.jks
Enter keystore password:<Enter the password used to access the
keystore>
Enter key password for <cvrhp0729>:<Enter the password used to
access the private key>
Certificate reply was installed in keystore
Note:
The previous set of commands assumed the presence of the appropriate root CA certificate (in the chain of trust) in the Java Standard Trust store, specifically in the cacerts file. If the CA issuing the identity certificate (for the Weblogic Server) does not have the root CA certificate in the Java Standard Trust store, one can opt to import the root CA certificate into cacerts, or the identity store, depending on factors including the trustworthiness of the CA, the necessity of transporting the trust store across the machine, among others.Parent topic: About Obtaining and Importing Trusted Certificate