Can we export certificates from JRE's "cacerts" file and import it to higher JRE version?

13.5k views Asked by At

I am using a JRE 8u211. And i have few certificates added in cacerts. But when I upgrade JRE to 8u261, those certificates are not getting imported. So now i want to programmatically export the required certificates from cacerts file of 8u211 using the alias names and then import those certificates to the cacerts file of 8u261.

Is this even possible or supported?

Thanks in advance.

1

There are 1 answers

1
Giorgi Tsiklauri On BEST ANSWER

Certificate is just a data. You definitely can export it to the file, and import that data into some other file.

If you just want to import one truststore file's data into another, you can directly make use of buffer without storing data into an intermediary file:

keytool.exe -importkeystore -srckeystore %JAVA_HOME%\lib\security\cacerts -destkeystore \your\file\path\filename
            -deststoretype jks
            -srcstorepass changeit -deststorepass changeit
            -v -noprompt

However, you can also do these two operations one by one:

  1. To export the certificate:

    keytool -export -alias alias_name -keystore path_to_keystore_file -rfc -file path_to_certificate_file
    
  2. To import the certificate:

    keytool -importcert -alias alias_name -file path_to_certificate_file -keystore truststore_file
    

More on this can be read here, here and here.