"keytool -importcert" Command Examples - Save Certificate to Keystore

Q

How to use the "keytool -importcert" command? I have a certificate downloaded from a Web site and want to save it in a keystore file.

✍: FYIcenter.com

A

Here is an example of using "keytool -exportcert" command to save the www.facebook.com certifcate into the default keystore file:

C:\Users\fyicenter>"\Program Files\java\jre7\bin\keytool" -importcert
-storepass FYIcenter -alias facebook_cert -file facebook_cert.pem -noprompt

Certificate was added to keystore

C:\Users\fyicenter>"\Program Files\java\jre7\bin\keytool" -list
-storepass FYIcenter

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

facebook_cert, Jul 14, 2012, trustedCertEntry,
Certificate fingerprint (SHA1):
9C:53:B1:A4:16:F9:58:79:1B:DA:D0:28:A9:FA:5D:65:4C:5F:81:52
2ndkey, Jul 14, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1):
8C:35:4B:1A:25:02:74:32:A8:2D:E4:01:E4:F3:93:13:F5:EE:C0:DA
mykey, Jul 13, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1):
FA:34:B5:C0:91:37:81:AD:E3:C6:3E:2D:0B:D7:3C:24:30:E0:42:29

What the "keytool -importcert" command shown above did for you:

  • Read the certificate from "facebook_cert.pem" file.
  • Save the certificate in the default keystore file: C:\Users\fyicenter\.keystore as a "trustedCertEntry" entry with alias of "facebook_cert".
C:Usersfyicenter>"Program Filesjavajre7inkeytool" -importcert -storepass FYIcenter -alias facebook_cert -file facebook_cert.pem -noprompt Ce

2012-07-20, 12995👍, 0💬