How to add URL cert to JKS

Let’s imagine that you need to download a certificate from a website / service / endpoint and put it in the trusted certificates store (JKS or cacerts).

To do this, you need to fill in the parameters SERVER_URL, ALIAS_NAME, CERT_NAME and run the script:

# parameters

# action
openssl s_client -showcerts -connect ${SERVER_URL} </dev/null 2>/dev/null|openssl x509 -outform PEM >${CERT_NAME}.pem
openssl x509 -outform der -in ${CERT_NAME}.pem -out ${CERT_NAME}.der
keytool -import -alias ${ALIAS_NAME} -keystore ${CERT_NAME}.jks -file ${CERT_NAME}.der

As a result, an trusted jks storage will be created with the name CERT_NAME, which will contain the certificate of the specified URL

If you need to add certificate to java standard cacerts, then you need to replace ${CERT_NAME}.jks in the last command to cacerts.

If you still have any questions, feel free to ask me in the comments under this article, or write me on

Leave a Reply

Your email address will not be published. Required fields are marked *