Tuesday, March 22, 2011

Managing certificates with Java (the keystore is the key)

This is not a very difficult task, but I'm putting it out here mainly to help me remember the syntax for the keytool utility (which comes with the JDK).

How to install a certificate:
  1. Procure the certificate you want to trust and copy it to the directory containing the keystore (see the instructions at the end for how to export the *.cer file from different browsers if you don't already have it). Before going any further, check the certificate's fingerprint (keytool -printcert -file newcertificate.cer) against a value you obtained out of band, e.g. from the site owner: the browser simply hands you whatever certificate it was presented with, and once an entry is in cacerts every Java program that uses that JRE trusts it.

  2. Open a command window and navigate to the directory containing the keystore that you wish to modify (e.g. C:\Program Files\Java\jdk1.6.0_10\jre\lib\security\cacerts is the default trust store of that JDK). Take a backup copy of cacerts first; keytool edits the file in place.

  3. Execute the following command to import the certificate (from the *.cer file) into the keystore:

    keytool -import -file newcertificate.cer -alias new-certificate-name -keystore keystore-name

    where:

    newcertificate.cer is the name of the certificate file (Base-64 encoded X.509 or binary DER; keytool accepts both)
    new-certificate-name is the alias under which the certificate is stored (anything descriptive, but it must not already exist in the keystore)
    keystore-name is the name of the keystore being updated (e.g. cacerts).

    keytool prompts for the keystore password (the factory default for cacerts is changeit) and, if it cannot chain the certificate to one it already trusts, asks "Trust this certificate?"; answer yes only after the fingerprint check from step 1. Newer JDKs call this command -importcert; -import is still accepted as an alias.
How to view the certificates already installed in a keystore:
  1. Execute the following command to list all of the certificates in the keystore:

    keytool -list -keystore keystore-name

    Without -keystore, keytool lists the user's personal keystore (.keystore in the home directory), not cacerts. Add -v to see each entry's fingerprints and validity dates, or -alias new-certificate-name to check a single entry.
How to retrieve a certificate using your browser:
  1. Navigate to the desired URL (using https://); then, depending on your browser, there are several ways to retrieve the cert:

    IE
    Either click on the small padlock icon in the lower right corner, or select File | Properties | Certificates from the menu.

    Then select Details | Copy To File, which launches a wizard to export the certificate to a file (I typically use Base-64 encoded X.509).

    Firefox
    Very similar process, but instead of clicking the padlock, you click the highlighted site logo on the left side of the address bar.

    Then select More Information | Details | View Certificate | Export.

    Either way, the file you get is the certificate the browser was shown, so compare its fingerprint with one the site owner publishes before importing it. If the site's certificate is issued by a private CA, exporting and importing that CA's certificate instead of the server's own means the trust survives the server certificate's next renewal.