Java and the StartSSL CA certificates

Sunday, April 11. 2010

Java and the StartSSL CA certificates

Again and again I forget how to import the StartSSL CA certificates into Java. Everytime when I switch to a different workstation or install a new Linux distribution I can no longer access my StartSSL secured server with Maven. Then I have to search for a tutorial and for the download locations of the CA certs. Very time-consuming. This must stop once and for all. So I wrote a small script which imports the certs into the currently active Java installation.

Steps to install the certs:

  • Download import-startssl script.
  • Make sure JAVA_HOME environment variable is set correctly.
  • Run the import-startssl script.

The script runs the keytool program of Java with sudo so you have to enter your password to give it root access. If you have JSSE installed then the StartSSL CA certs are also added to the jssecacerts keystore. The script imports the root CA certificate and the four sub CA certs (Class 1-4).

If the script does not work for you (Maybe because you are using Windows or Mac OS X instead of a real operating system) then you can at least read it for instructions how to do it manually.

Posted in Java | Comments (3)
Tobias at 2011-02-20 04:47
Thanks for that! Concerning real OS :) Not every OS uses sudo by default. And I find it much easier to sudo bash (or su bash -) as providing my password a dozen of times :)
Klaus Reimer at 2011-02-20 09:23
A well configured sudo (And it IS well configured in Debian and Ubuntu, don't know the others) only asks once for the password even if used multiple times (It remembers the root-status for a few minutes). And to start a sudo bash the shortest form I have seen yet is "sudo -s"
TheDarkRose at 2011-08-05 10:58
Thank you for the cool script. With this it's so easy to add the certs and all the client's won't throw an cert exception.

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.