by BehindJava

How to import a .cer certificate into a java keystore?

Home » springboot » How to import a .cer certificate into a java keystore?

In this tutorial we are going to learn about importing a .cer certificate into a java keystore.

Firstly, lets understand the .pfx and .cer
.pfx includes both the public and private key for the associated certificate, so don’t share this outside your organization.
.cer file only has the public key, it includes the public key, the server name, some extra information about the server. This is what you typically exchange with your partners.

  • If you want to authenticate you need the private key - there is no other option.
  • A certificate is a public key with extra properties (like company name, country,…) that is signed by some Certificate authority that guarantees that the attached properties are true.
  • .CER files are certificates and don’t have the private key. The private key is provided with a .PFX keystore file normally. If you really authenticate is because you already had imported the private key.
  • You normally can import .CER certificates without any problems with the below command.
keytool -importcert -trustcacerts -keystore cacerts -file behindjava.cer -alias bjcertificate

Steps to import the .cert

  1. Download the .cert file from the url or api that you want send a request and receive a response. click on the view site information button beside the url in the browser and follow the images as shown below. images


  1. Click copy to file and click next and next, import your cert to the specified folder location and also specify the cert name. images
  2. click finish and you can see a certificate downloaded as shown below. images


  1. Now copy the cert file into this path of your JDK i.e., C:\Program Files\Java\jdk-16.0.1\lib\security
  2. If the below command prompts for a password type password as changeit and type yes, your certificate is successfully imported.

    keytool -importcert -trustcacerts -keystore cacerts -file behindjava.cer -alias bjcertificate


Trust this certificate? [no]:  yes
Certificate was added to keystore