Import .cer in Java
.cer file is a certificate that helps identify and check any modification to the entity.
This article will learn how to import a certificate file with the
.cer extension in a
.cer File Using the
Keytool in Java
Keytool is a utility that comes with Java. We use it to manage the
It can be used to generate
keystore and self-signed certificates too.
We get the following output that shows the additional commands when using the
keytool command without any options.
That can be used for several operations like
generating a certificate request,
printing the content of the certificate, etc.
keytool command is
importcert that imports a certificate. We also use the command
-file to import a file, and then we specify the
.cer file name,
We need to specify the
keystore where we want to import the certificate. We use
-keystore with the Keystore name
Then we tell the certificate’s alias that the
keystore uses to identify the certificate.
keytool -importcert -file myCA.cer -keystore my-storekey2.keystore -alias "keystore1"
We get the following request to enter the Keystore password.
Enter Keystore password:
Once we enter the correct password and press the
enter key, It will show information about the certificate, like the details of the owner and issuer and the validity of the certificate.
Owner: CN=John Doe, OU=Test, O=Test1, L=TestLocality, ST=TestState, C=IN Issuer: CN=John Doe, OU=Test, O=Test1, L=TestLocality, ST=TestState, C=IN Serial number: 352a75ae344aa1cd Valid from: Mon Feb 07 12:20:25 IST 2022 until: Sun Nov 03 12:20:25 IST 2024 Certificate fingerprints: SHA1: AB:0A:C8:67:A9:31:09:FE:44:CC:6D:D2:2B:19:1A:F0:D6:A6:AB:1D SHA256: E1:1B:DD:2B:56:C8:C5:5B:24:7B:93:31:60:14:AC:8C:09:64:2B:73:8A:CB:44:37:19:FC:BE:35:EE:BA:F8:F1 Signature algorithm name: SHA256withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Extensions: #1: ObjectId: 188.8.131.52 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 4E 8C 16 C9 38 FA F4 D1 1B 45 E8 89 E1 B9 9E 90 N...8....E...... 0010: 71 B3 D4 A4 q... ] ]
We can check if the certificate was imported in the
keystore by listing all its certificates using the following command.
keytool -list -Keystore my-storekey.keystore
keystore1, 07-Feb-2022, PrivateKeyEntry, Certificate fingerprint (SHA-256): E1:1B:DD:2B:56:C8:C5:5B:24:7B:93:31:60:14:AC:8C:09:64:2B:73:8A:CB:44:37:19:FC:BE:35:EE:BA:F8:F1
The output shows the certificate with its