How to add URL cert to JKS

Let’s imagine that you need to download a certificate from a website / service / endpoint and put it in the trusted certificates store (JKS or cacerts).

To do this, you need to fill in the parameters SERVER_URL, ALIAS_NAME, CERT_NAME and run the script:

# parameters

# action
openssl s_client -showcerts -connect ${SERVER_URL} </dev/null 2>/dev/null|openssl x509 -outform PEM >${CERT_NAME}.pem
openssl x509 -outform der -in ${CERT_NAME}.pem -out ${CERT_NAME}.der
keytool -import -alias ${ALIAS_NAME} -keystore ${CERT_NAME}.jks -file ${CERT_NAME}.der

As a result, an trusted jks storage will be created with the name CERT_NAME, which will contain the certificate of the specified URL

If you need to add certificate to java standard cacerts, then you need to replace ${CERT_NAME}.jks in the last command to cacerts.

Telegram channel

If you still have any questions, feel free to ask me in the comments under this article or write me at

If I saved your day, you can support me 🤝

Leave a Reply

Your email address will not be published. Required fields are marked *