https://github.com/jhinrichsen/import-server-cert

Import a remote TLS server certificate into a Java trust store (aka cacerts keystore), optionally including any referenced CA certificates
https://github.com/jhinrichsen/import-server-cert

certificate certificate-authority keystore keytool truststore

Last synced: 4 months ago
JSON representation

Import a remote TLS server certificate into a Java trust store (aka cacerts keystore), optionally including any referenced CA certificates

• Host: GitHub
• URL: https://github.com/jhinrichsen/import-server-cert
• Owner: jhinrichsen
• License: bsd-3-clause
• Created: 2018-01-16T18:32:13.000Z (over 8 years ago)
• Default Branch: master
• Last Pushed: 2018-01-17T09:18:20.000Z (over 8 years ago)
• Last Synced: 2025-02-19T12:55:20.892Z (over 1 year ago)
• Topics: certificate, certificate-authority, keystore, keytool, truststore
• Language: Go
• Size: 7.81 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.adoc
  • License: LICENSE

Awesome Lists containing this project

README

          
= Overview

This small utility helps in maintaining self signed certificates, and

certificate authorities (CA) that are not supported by Java out of the box (such

as custom enterprise root CAs).

If your organization is running its own CA, you need to make each and every new

JDK version familiar with this CA.

== Prerequisites

- Java (JRE). Specifically, the Java binary `keytool` and the CA truststore

`${JAVA_HOME}/jre/lib/security/cacerts`.

If you do not have a local JRE, this utility does not make any sense for you.

== Installation

== Install binary release

Download Linux or Windows version from the github 'releases' section. These are

standalone, statically linked executables without any dependencies such as

libcurl, OpenSSL, ....

Did i mention i love this Go feature?

== Install from source

----

$ go get github.com/jhinrichsen/import-server-cert

----

== Usage

Show help:

----

$ import-server-cert --help

Usage of ./import-server-cert:

  -chain

        Import complete CA chain (default true)

  -insecure

        Allow custom cert path (default true)

  -keep

        Keep interim certificates in temporary directory

  -keystorepasswd string

        keystore password (default "changeit")

----

Typical use:

----

$ JAVA_HOME= import-server-cert jira.mycompany.com:443

----

== What it does

- Create a backup copy of `${JAVA_HOME}/jre/lib/security/cacerts`

- Download the TLS certificate from the remote server, and install it via Java's

  `keytool` into the trust store

- Optionally (`--chain=true`) download and install certificate chain. This

  requires the X.509 AIA extension (issuing CA certificate URL) to be supplied

  by the certificate.