2
votes

I have JAVA_HOME=C:\Users\myuser\jdk1.8.0_65

JRE System Library in Eclipse points to C:\Users\myuser\jdk1.8.0_65

java -version gives C:\Users\myuser\jdk1.8.0_65

Importing certificate by:

C:\Users\myuser\jdk1.8.0_65\bin\keytool.exe -importcert -trustcacerts -keystore C:\Users\myuser\jdk1.8.0_65\jre\lib\security\cacerts -storepass changeit -noprompt -alias ldap -file C:\Users\myuser\certificates\ldap_cer.cer

Keytool list gives:

C:\Users\myuser>keytool -list
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 0 entries

When I check the certificate with the program below I can see the entry, so why doesn't keytool -list give me the same result? How can I add the certificate? What am I missing?

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;

public class HandShake {
    public static void main(String[] args) {
        // The cacerts file that the keytool -importcert command above wrote to
        File file = new File("C://Users//myuser//jdk1.8.0_65//jre//lib//security//cacerts");
        // Sets a JVM-wide JSSE property; the explicit KeyStore.load() below does not read it
        System.setProperty("javax.net.ssl.keyStore", file.getAbsolutePath());
        System.out.println(System.getProperty("javax.net.ssl.keyStore"));

        // try-with-resources closes the stream even if loading fails
        try (FileInputStream is = new FileInputStream(file)) {
            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); // "jks" on JDK 8
            String password = "changeit"; // default store password of the JDK cacerts file
            keystore.load(is, password.toCharArray());

            Enumeration<String> enumeration = keystore.aliases();
            while (enumeration.hasMoreElements()) {
                String alias = enumeration.nextElement();
                if (alias.equals("ldap")) {
                    System.out.println("alias name: " + alias);
                    Certificate certificate = keystore.getCertificate(alias);
                    System.out.println(certificate);
                }
            }
        } catch (GeneralSecurityException | IOException e) {
            // KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException
            e.printStackTrace();
        }
    }
}

1 Answer

0
votes

Probably you are trying to run keytool -list on another keystore.

try

keytool -list -keystore C:\Users\myuser\jdk1.8.0_65\jre\lib\security\cacerts

EDITED

SSL properties are set at the JVM level via system properties, meaning you can either set them when you run the program (java -D...) or set them in code with System.setProperty.

The specific keys you have to set are below:

javax.net.ssl.keyStore - Location of the Java keystore file containing an application process's own certificate and private key. On Windows, the specified pathname must use forward slashes, /, in place of backslashes.

javax.net.ssl.keyStorePassword - Password to access the private key from the keystore file specified by javax.net.ssl.keyStore. This password is used twice: To unlock the keystore file (store password), and To decrypt the private key stored in the keystore (key password).

javax.net.ssl.trustStore - Location of the Java keystore file containing the collection of CA certificates trusted by this application process (trust store). On Windows, the specified pathname must use forward slashes, /, in place of backslashes.

If a trust store location is not specified using this property, the SunJSSE implementation searches for and uses a keystore file in the following locations (in order):

$JAVA_HOME/lib/security/jssecacerts
$JAVA_HOME/lib/security/cacerts

javax.net.ssl.trustStorePassword - Password to unlock the keystore file (store password) specified by javax.net.ssl.trustStore.

javax.net.ssl.trustStoreType - (Optional) For Java keystore file format, this property has the value jks (or JKS). You do not normally specify this property, because its default value is already jks.

javax.net.debug - To switch on logging for the SSL/TLS layer, set this property to ssl.

see java SSL and cert keystore
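The following program is an added example, not code from the question or the answer. It resolves the trust store in the same order the answer lists (javax.net.ssl.trustStore, then jssecacerts, then cacerts under java.home/lib/security), loads it with the same type and password defaults JSSE would use, and then checks that a given alias (the question's "ldap" by default) is actually a trusted-certificate entry in that file and that the certificate is inside its validity period. It assumes the store password is the JDK default "changeit" unless javax.net.ssl.trustStorePassword is set; the class name and the output format are the example's own. One fact worth knowing when reading the question's keytool -list output: with no -keystore option keytool reads a file named .keystore in the user's home directory, not the JDK cacerts file.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/**
 * Added example (not from the original post): locate the trust store the way the
 * answer describes SunJSSE doing it, then verify that an alias is really in it.
 * On a JDK 8 install java.home points at the bundled jre directory, so
 * java.home/lib/security/cacerts is the file the question's keytool command wrote to.
 */
public class TrustStoreCheck {

    static Path resolveTrustStore() {
        String configured = System.getProperty("javax.net.ssl.trustStore");
        if (configured != null) {
            return Paths.get(configured);
        }
        Path security = Paths.get(System.getProperty("java.home"), "lib", "security");
        Path jssecacerts = security.resolve("jssecacerts");
        return Files.exists(jssecacerts) ? jssecacerts : security.resolve("cacerts");
    }

    static KeyStore loadTrustStore(Path path) throws GeneralSecurityException, IOException {
        // Same defaults JSSE applies: type "jks", password from javax.net.ssl.trustStorePassword.
        // "changeit" is the JDK's shipped cacerts password and is an assumption of this example.
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        String password = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        KeyStore ks = KeyStore.getInstance(type);
        try (FileInputStream in = new FileInputStream(path.toFile())) {
            ks.load(in, password.toCharArray());
        }
        return ks;
    }

    // Fingerprint over the DER encoding, in the colon-separated form keytool prints
    static String sha256Fingerprint(Certificate cert) throws GeneralSecurityException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            sb.append(String.format("%02X:", b));
        }
        return sb.substring(0, sb.length() - 1);
    }

    public static void main(String[] args) throws Exception {
        String alias = args.length > 0 ? args[0] : "ldap"; // alias used in the question
        Path path = resolveTrustStore();
        KeyStore ks = loadTrustStore(path);
        System.out.println("trust store: " + path + " (" + ks.size() + " entries)");

        Certificate cert = ks.getCertificate(alias);
        if (cert == null) {
            System.out.println("alias '" + alias + "' is NOT in this trust store; aliases present:");
            for (Enumeration<String> e = ks.aliases(); e.hasMoreElements(); ) {
                System.out.println("  " + e.nextElement());
            }
            System.exit(1);
        }
        if (!ks.isCertificateEntry(alias)) {
            // A key entry (private key + chain) is not what a trust store should hold
            System.out.println("warning: '" + alias + "' is a key entry, not a trusted certificate entry");
        }

        X509Certificate x509 = (X509Certificate) cert;
        System.out.println("subject : " + x509.getSubjectX500Principal());
        System.out.println("issuer  : " + x509.getIssuerX500Principal());
        System.out.println("expires : " + x509.getNotAfter());
        System.out.println("SHA-256 : " + sha256Fingerprint(x509));
        // Throws CertificateExpiredException or CertificateNotYetValidException if outside the validity window
        x509.checkValidity();
        System.out.println("certificate is within its validity period");
    }
}
```

Run it with the trust store the question imported into, for example `java -Djavax.net.ssl.trustStore=C:/Users/myuser/jdk1.8.0_65/jre/lib/security/cacerts TrustStoreCheck ldap`, or with no property to see which file the running JVM would pick up on its own. The printed SHA-256 fingerprint can be compared against `keytool -list -v -keystore C:\Users\myuser\jdk1.8.0_65\jre\lib\security\cacerts -alias ldap` to confirm both tools are looking at the same entry.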