Add the signer certificate to the Java keystore using keytool

This procedure describes how to add the certificate to the Java cacerts file using keytool. Using keytool is optional; ikeyman can also be used.

  1. Back up the current file. From an Administrator command window, list the current certificates and redirect the output to a file using this command:
    Command:
    keytool -list -keystore LAW_JAVA_HOME/jre/lib/security/cacerts -storepass <password*> > keytool_list_Java_before.out
    Example:
    keytool -list -keystore D:/java/jre/lib/security/cacerts -storepass changeit > keytool_list_Java_before.out
  2. Load the certificate into the Java keystore using this command:
    Command:
    keytool -import -file <literal_path_to_new_ldap_certificate_file**> -alias <name_that_describes_ldap_server_or_domain>_ldap -trustcacerts -keystore LAW_JAVA_HOME/jre/lib/security/cacerts -storepass <password*> >  keytool_import_Java.out
    Note: The default password for cacerts is changeit.
    Example:
    keytool -import -file D:\certs\ADROOT-CA.cer -alias ADROOT-CA_20200206 -trustcacerts -keystore D:/java/jre/lib/security/cacerts -storepass changeit >  keytool_import_Java.out
  3. List the current certificates again and redirect the output to a file using this command, then verify that the newly added certificate is present in that file:
    Command:
    keytool -list -keystore LAW_JAVA_HOME/jre/lib/security/cacerts -storepass <password*> > keytool_list_Java_after.out
    Example:
    keytool -list -keystore D:/java/jre/lib/security/cacerts -storepass changeit > keytool_list_Java_after.out
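The check in step 3 can be scripted by comparing the two listing files. This is an added example, not part of the original procedure: it confirms that the expected alias is the only new entry and that no existing entry disappeared or changed fingerprint. The function names are hypothetical, the sample listings are constructed, and it assumes the usual `keytool -list` layout of an "alias, date, entry type," line followed by a "Certificate fingerprint (...)" line.

```python
import re
import sys

# Header line of one entry, e.g. "adroot-ca_20200206, Feb 6, 2020, trustedCertEntry,"
ENTRY_RE = re.compile(r"^([^,]+),.*\b(?:trustedCertEntry|PrivateKeyEntry|SecretKeyEntry),?$")
# Line that follows it, e.g. "Certificate fingerprint (SHA1): AA:BB:..."
FP_RE = re.compile(r"^Certificate fingerprint \([^)]+\):\s*([0-9A-Fa-f:]+)$")

def parse_keytool_list(text):
    """Map alias -> fingerprint for every entry in `keytool -list` output."""
    entries, alias = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        entry, fp = ENTRY_RE.match(line), FP_RE.match(line)
        if entry:
            # JKS aliases are case-insensitive, so normalise to lower case.
            alias = entry.group(1).strip().lower()
            entries[alias] = None
        elif fp and alias is not None:
            entries[alias] = fp.group(1).upper()
            alias = None
    return entries

def compare_listings(before_text, after_text, expected_alias):
    """Report what the import changed; ok only if the expected alias alone was added."""
    before, after = parse_keytool_list(before_text), parse_keytool_list(after_text)
    added = sorted(after.keys() - before.keys())
    removed = sorted(before.keys() - after.keys())
    changed = sorted(a for a in before.keys() & after.keys() if before[a] != after[a])
    ok = added == [expected_alias.lower()] and not removed and not changed
    return {"added": added, "removed": removed, "changed": changed, "ok": ok}

# Constructed sample listings (aliases and fingerprints are made up for illustration).
SAMPLE_BEFORE = """Keystore type: JKS

exampleroot1, Aug 25, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): 11:11:11:11
exampleroot2, Aug 25, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): 22:22:22:22
"""
SAMPLE_AFTER = SAMPLE_BEFORE + """adroot-ca_20200206, Feb 6, 2020, trustedCertEntry,
Certificate fingerprint (SHA1): 33:33:33:33
"""

if __name__ == "__main__":
    if len(sys.argv) == 4:  # arguments: before-file after-file expected-alias
        texts = [open(p, errors="replace").read() for p in sys.argv[1:3]]
        print(compare_listings(texts[0], texts[1], sys.argv[3]))
    else:
        print(compare_listings(SAMPLE_BEFORE, SAMPLE_AFTER, "ADROOT-CA_20200206"))
```

Run it with keytool_list_Java_before.out, keytool_list_Java_after.out and the alias used in step 2 as arguments; a result with "ok": False means the keystore changed in some way other than the single expected addition.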