26

How do I import certs into keystore in Azul Zulu JDK 11.

Where is the default keystore used by keytool

Sergey Grinev
  • 34,078
  • 10
  • 128
  • 141
DarVar
  • 16,882
  • 29
  • 97
  • 146

6 Answers6

24

/lib/security/cacerts

Took me a while to find it, but found the answer here: OpenJDK 10 Now Includes Root CA Certificates.

Yaytay
  • 493
  • 4
  • 13
  • 2
    Link does not work. :^( – Paulo Merson Sep 22 '22 at 22:50
  • @PauloMerson, you are right, the link doesn't work any more, but: 1. The answer to the question is given in the answer. 2. I hope you aren't using JDK 11 any more. 3. Googling "openjdk 10 now includes root ca certificates" will find numerous copies of the original blog. – Yaytay Sep 27 '22 at 05:10
  • Thanks @Yaytay. My *implicit* suggestion was for the author of the answer to Edit the answer and update the link. – Paulo Merson Sep 28 '22 at 12:59
17

From running Azul's Alpine OpenJDK11 container, FROM azul/zulu-openjdk-alpine:11, the cacerts file is located at /usr/lib/jvm/java-11-zulu11/jre/lib/security/.

But, to import new certs into it, you only need to specify the -cacerts switch and the command takes care of the rest.

Below is an example of a command I used in a recent Dockerfile:

keytool -importcert -file <my-crt-file-location> -cacerts -keypass changeit -storepass changeit -noprompt -alias <my-alias>
Clayton Lovatto
  • 381
  • 3
  • 6
9

Path of java 11 trust store is C:\Program Files\Java\jdk-11.0.4\lib\security\cacerts

To import cert in windows use below command.

"C:\Program Files\Java\jdk-11.0.1\bin\keytool" -importcert -file C:\Polarion\bundled\apache\conf\certificate.crt -alias labs.polarion.com -keystore "C:\Program Files\Java\jdk-11.0.1\lib\security\jssecacerts" -storepass changeit

For more info visit, Click here

Bhargav
  • 385
  • 6
  • 10
7

For MAC and LINUX openJDK11

first find the jdk location

echo $JAVA_HOME

since keytool and cacerts located in different folder we have to specify the path

go to keytool folder /Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home/bin/security

Sudo keytool -import -noprompt -trustcacerts -alias aliasName -file  /Users/lilojoseph/Desktop/dev.ssk.cer  -keystore  /Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home/lib/security/cacerts -storepass changeit

for checking if certificate is added run below command on same folder

 keytool -list -v -keystore  /Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home/lib/security/cacerts -alias aliasName
Lijo
  • 6,498
  • 5
  • 49
  • 60
1

for

adoptopenjdk/openjdk11@sha256:1cf34e59b4f6209c8513a1681a688bf8a90bf433993aa5b3914dcfdb100e9393

, the location for cacerts is:

/opt/java/openjdk/lib/security/cacerts

Priyanka Wagh
  • 615
  • 1
  • 8
  • 17
0

I installed Azul Zulu Java 8 and Java 11 through SDKMan.

The cacerts file for my instances were as follows:

Java 11

~/.sdkman/candidates/java/11.0.14-zulu/zulu-11.jdk/Contents/Home/lib/security

Java 8

Notice the extra jre/ folder

~/.sdkman/candidates/java/8.0.322-zulu/zulu-8.jdk/Contents/Home/jre/lib/security
3ygun
  • 1,192
  • 12
  • 14