Import the CA Certificate into your Keystore

This procedure uses the Java keytool utility to import a CA-signed certificate into an existing keystore.

Before you begin

  • You need a certificate for your server signed by a Certificate Authority.
  • You need the trusted root CA certificate for the Certificate Authority.
  • You need to know the keystore name, password, and alias you used when you created the keystore.

To import the CA certificate into your Java keystore with a CA-signed certificate

  1. Use the -importcert option to add the root CA certificate (CAcert.cer in this example) to the Java keystore that you generated when you created your private key (newkeystore.jks in this example). Use a new alias (cacert in this example); if the alias does not point to a key entry, keytool assumes you are adding a trusted certificate entry. For example:

    keytool -importcert -alias cacert -file CAcert.cer -keystore newkeystore.jks

    Note: Some CAs issue an intermediate certificate along with the main certificate. If this is true for your CA, then import these certificates using unique aliases to your keystore.