Adding Certificates in keystore through keytool (java keystore) Windows/Linux

Adding Certificates in keystore through keytool (\Program Files\Java\jre7\bin)
keytool -import -file -alias smart -keystore

listing Certificates
keytool -list -keystore cacerts.jks


To add a certificate to the cacerts store

At a command prompt that is set to your JDK’s jdk\jre\lib\security folder, run the following to see what certificates are installed:

keytool -list -keystore cacerts

You’ll be prompted for the store password. The default password is changeit. (If you want to change the password, see the keytool documentation at This example assumes that the certificate with MD5 fingerprint 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4 is not listed, and that you want to import it (this particular certificate is needed by the Twilio API service).

Obtain the certificate from the list of certificates listed at GeoTrust Root Certificates. Right-click the link for the certificate with serial number 35:DE:F4:CF and save it to the jdk\jre\lib\security folder. For purposes of this example, it was saved to a file named Equifax_Secure_Certificate_Authority.cer.

Import the certificate via the following command:

keytool -keystore cacerts -importcert -alias equifaxsecureca -file Equifax_Secure_Certificate_Authority.cer

When prompted to trust this certificate, if the certificate has MD5 fingerprint 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4, respond by typing y.

Run the following command to ensure the CA certificate has been successfully imported:

keytool -list -keystore cacerts

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s