Java self signed certificate: keytool, cacerts, ssl

If you want to use a self-signed certificate with a Java client, follow steps similar to this:

  • Get the server.crt file from your web server.
  • Put that file on your client workstation.
  • Run a command like this:
    keytool -import -alias joe -file server.crt -keystore 
  • When you're prompted for a password, use "changeit". This is the default password the JDK is shipped with.
  • You should now be able to use your Java client over SSL with a self-signed certificate.

Please not that the path I provided (C:/jdk1.5.0_06/jre/lib/security/cacerts) is specific to the Java installation on my Windows workstation. Your path will almost certainly vary from this. The important thing is that you're trying to target the cacerts file on your system.

Some of this magic is documented here.