Add Certificate in the Java Truststore

This chapter briefly describes how to import a missing server certificate into the Java truststore (cacerts file).

 

A server certificate may be missing from the truststore if, for example, a WMS service is not displayed in the WebOffice 10.9 R3 clients and the following message appears in the log:

caused by unable to find valid certification path to requested target

 

1. To identify the missing certificate, take the following steps in your browser.

a. If you are using Internet Explorer, open the web site whose server certificate is missing. Click the lock symbol to identify the Certification Path. Open Internet Options, click the tab Content, then Certificates, select the certificate to be exported and click Export. When the Certificate Export Wizard opens, select the first option, click Next and define the name of the file you want to export.

 

Identify the certification path


 

Export certificate in the Internet Explorer


 

Choose the export file format


 

b. If you are using Mozilla Firefox, open the web site whose server certificate is missing. Open the certificate with a click on the lock symbol and press More Information... In the new window click View Certificate > Details, select the certificate and click Export..., then save the .crt file.

 

Export certificate in Firefox


 

2. Next, install the tool KeyStore Explorer: http://keystore-explorer.sourceforge.net

3. In the KeyStore Explorer, open the cacerts file (e.g. under /java_home/jre/lib/security/cacerts, with the password "changeit").

4. Press the button Import trusted Certificate and import the previously exported .crt file, then save the cacerts file. The missing certificate is now in the truststore.

 

Import certificate in the truststore


 

Imported certificate in the truststore


 

Alternatively, a certificate can be added to the Java truststore from the Windows command prompt.

Use the following command line. The paths to keytool and cacerts are relative, so run it from the lib\security directory of the Java installation:

..\..\bin\keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias yourAliasName -file path\to\certificate.cer

 

Example for adding a certificate in Java Truststore by using command prompt


 


If there are multiple Java environments (JREs, JDKs, Java 6, Java 7, ...) on the machine, make sure that the certificate was imported into the correct truststore, since there are as many truststores as Java installations.

To check this, go to SynAdmin > tab System and look at the parameter "java.home". Afterwards, verify in the KeyStore Explorer whether the certificate is available in the respective truststore.

 

Example:

java.home:                             C:\Program Files\Java\jdk1.7.0_51\jre

corresponding truststore:         C:\Program Files\Java\jdk1.7.0_51\jre\lib\security\cacerts
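
The command-line import and the truststore check described above can be combined in one PowerShell script. This is an added example, not part of the original WebOffice documentation; it uses the java.home example value from this page, and the certificate location, the fingerprint confirmation and the backup step are assumptions.

```powershell
# Added example. Run in an elevated PowerShell if Java is installed under Program Files.
$JavaHome  = 'C:\Program Files\Java\jdk1.7.0_51\jre'  # java.home example value from this page
$CertFile  = 'C:\temp\certificate.cer'                # assumed location of the exported file
$Alias     = 'yourAliasName'
$StorePass = 'changeit'                               # truststore password as given on this page

# Derive both paths from java.home so the import hits the truststore the application uses.
$Keytool    = Join-Path $JavaHome 'bin\keytool.exe'
$TrustStore = Join-Path $JavaHome 'lib\security\cacerts'
foreach ($path in $Keytool, $TrustStore, $CertFile) {
    if (-not (Test-Path -LiteralPath $path)) { throw "Not found: $path" }
}

# 1. Print owner, issuer, validity and fingerprints of the exported file.
& $Keytool -printcert -file $CertFile
if ($LASTEXITCODE -ne 0) { throw "Not a readable certificate: $CertFile" }

# -noprompt below suppresses keytool's own confirmation, so confirm here instead.
Read-Host 'Compare the fingerprint with the browser certificate dialog. Enter = continue, Ctrl+C = abort' | Out-Null

# 2. Keep a timestamped copy of the truststore (assumption: rollback is wanted).
$Backup = "$TrustStore.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item -LiteralPath $TrustStore -Destination $Backup

# 3. Import only if the alias is not present yet; keytool -list returns non-zero for an unknown alias.
& $Keytool -list -keystore $TrustStore -storepass $StorePass -alias $Alias 2>&1 | Out-Null
if ($LASTEXITCODE -eq 0) {
    Write-Host "Alias '$Alias' already exists in $TrustStore; nothing imported."
} else {
    & $Keytool -import -trustcacerts -keystore $TrustStore -storepass $StorePass `
        -noprompt -alias $Alias -file $CertFile
    if ($LASTEXITCODE -ne 0) { throw "Import failed; backup is at $Backup" }
}

# 4. Verify: show the entry as stored in this truststore.
& $Keytool -list -v -keystore $TrustStore -storepass $StorePass -alias $Alias
if ($LASTEXITCODE -ne 0) { throw "Alias '$Alias' not found in $TrustStore" }
```

Restart the application server afterwards so that the Java process reloads the truststore.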

 
