I have a Java application accessing a service that uses a StartCom SSL certificate. For this to work, I need to add the StartCom CA certs to Java's truststore, because they're not in there by default yet. I've succesfully done that on linux using these commands
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca -file ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class1 -file sub.class1.server.ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class2 -file sub.class2.server.ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class3 -file sub.class3.server.ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class4 -file sub.class4.server.ca.crt
(From this script)
The same command (adapted appropriately) doesn't work on Windows however. I get:
keytool error: java.lang.RuntimeException: Usage error, trustcacerts is not a legal command
How to make it work?
It was a simple typo. In converting the command I forgot a dash before "trustcacerts". :(
On Mac OS X Mavericks 10.9 I did this:
I always make a tmp directory that I delete later, but you don’t have to:
Then download the certs:
Get your Java home:
Use keytool to install it:
Remove -trustcacerts
Yes,
-trustcacerts
is the right syntax.But for the linked script to work under Cygwin you need to remove
sudo
from allkeytool
lines -sudo
is unavailable in Cygwin.