Importing Certificates into Sites
Use the following commands to import certificates into master and remote sites:
keytool -import -alias someAliasName -file
path/to.certificateAuthority.cert
-storetype jks -keystore /path/to/keystore.jks
certificateAuthority.cert is the certificate of the certificate authority, not the web server. In the case of a self-signed web certificate, the certificate authority and the web server are the same.
keystore.jks is the file that the trusted certificate authority will be imported into. The Java secure socket extension (JSSE) provider has a truststore in the following location:
$JAVA_HOME/jre/lib/security/jssecacerts
The commands shown above install the certificate authority to be trusted by all invocations of the virtual machine. Alternatively, the certificate authority can be imported into any file and then referenced on the command line.
The argument to Java to use a truststore file is:
-Djavax.net.ssl.truststore=fileName
For example:
keytool -import -alias Acme_CA -file /tmp/acme_ca.cert
-storetype jks -keystore
/home/jlk/wgm_for_proe/conf/cacerts.jks
java -classpath /home/jlk/wgm_for_proe/lib/foo.jar:/...
-
Djavax.net.ssl.trustStore=/home/jlk/wgm_for_proe/conf/cacerts.jks com.ptc.foo.jar