InstallCertificate

satzCalvin Blog

InstallCert.java

URL to download the Java code: https://github.com/resatz/InstallCert/blob/master/InstallCert.java

Usage: compile the class first:

javac InstallCert.java

Access server, and retrieve certificate

java InstallCert [host]:[port]

Extract certificate from created jssecacerts keystore

keytool -exportcert -alias [host]-1 -keystore jssecacerts -storepass changeit -file [host].cer

Import certificate into system keystore

keytool -importcert -alias [host] -keystore [path to system keystore] -storepass changeit -file [host].cer

# Example:
java InstallCert woot.com:443

    Loading KeyStore /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/security/cacerts...
    Opening connection to woot.com:443...
    Starting SSL handshake...

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    <...>

    Server sent 1 certificate(s):

     1 Subject O=Woot Inc, C=US, ST=Texas, L=Carrollton, CN=*.woot.com
       Issuer  CN=SecureTrust CA, O=SecureTrust Corporation, C=US
       sha1    4b 46 ca 6b 83 05 b3 51 ff c6 e7 9c fd b3 9b e3 3f 2e c4 53 
       md5     e8 a5 88 1b d5 67 bb fc 88 cc b1 c5 2b ac c4 7d 

    Enter certificate to add to trusted keystore or 'q' to quit: [1]

[enter]

    [
    [
      Version: V3
      Subject: O=Woot Inc, C=US, ST=Texas, L=Carrollton, CN=*.woot.com
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    <...>

    Added certificate to keystore 'jssecacerts' using alias 'woot.com-1'

keytool -exportcert -alias woot.com-1 -keystore jssecacerts -storepass changeit -file woot.com.cer

    Certificate stored in file <woot.com.cer>
  
(sudo) keytool -importcert -alias woot.com -keystore /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/security/cacerts -storepass changeit -file woot.com.cer

    Owner: O=Woot Inc, C=US, ST=Texas, L=Carrollton, CN=*.woot.com
    Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
  
    <...>
  
    Trust this certificate? [no]:
  
yes

    Certificate was added to keystore
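
InstallCert stores whatever certificate the server presented on that one connection, so the fingerprint it printed should be compared with one obtained from the server's operator before the import step. The functions below are an added example, not part of the original post or of InstallCert: their names and the pinned-value argument are hypothetical, and they assume a keytool whose -printcert output includes a SHA256 line.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Reduce a fingerprint to bare lowercase hex, so InstallCert's "4b 46 ca ..."
# and keytool's "4B:46:CA:..." spellings of the same digest compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ' :\t\r\n' | tr 'A-F' 'a-f'
}

# Read `keytool -printcert` output on stdin and print the fingerprint for
# the algorithm named in $1 (for example SHA1 or SHA256).
extract_fp() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*\([0-9A-Fa-f:]*\).*/\1/p" | head -n 1
}

# Succeed only if both values normalise to the same non-empty hex string.
fp_matches() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    case "$a" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "$a" = "$b" ]
}

# usage: import_if_pinned <cert file> <alias> <keystore> <pinned SHA-256>
# Runs the import step from the walkthrough only when the exported
# certificate's fingerprint equals the value obtained out of band.
import_if_pinned() {
    actual=$(keytool -printcert -file "$1" | extract_fp SHA256)
    if fp_matches "$actual" "$4"; then
        keytool -importcert -alias "$2" -keystore "$3" -file "$1"
    else
        echo "refusing import of $1: fingerprint '$actual' is not the pinned value" >&2
        return 1
    fi
}
```

fp_matches can also be used on its own to compare the sha1 line InstallCert prints with a colon-separated value from another source.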

Generating:

Generate a Java keystore and key pair:

keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048

Generate a certificate signing request (CSR) for an existing Java keystore:

keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr

Generate a keystore and self-signed certificate:

keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

Importing:

Import an intermediate CA certificate to an existing Java keystore:

keytool -import -trustcacerts -alias intermediate -file intermediate.crt -keystore keystore.jks

Import a root CA certificate to an existing Java keystore:

keytool -import -trustcacerts -alias root -file root.crt -keystore keystore.jks

Import a signed SSL primary certificate to an existing Java keystore:

keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks

Java Keytool Commands for Conversion:
If you need to change the type of a keystore, use these commands.

PFX keystore to JKS keystore:

keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 -destkeystore newjkskeystore.jks -deststoretype JKS

JKS keystore to PFX keystore:

keytool -importkeystore -srckeystore myjksfile.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore newpfxkeystore.pfx

Java Keytool Commands for Checking:
If you need to check the information within a certificate, or Java keystore, use these commands.

Check a stand-alone certificate:

keytool -printcert -v -file mydomain.crt

Check which certificates are in a Java keystore:

keytool -list -v -keystore keystore.jks

Check a particular keystore entry using an alias:

keytool -list -v -keystore keystore.jks -alias mydomain

Other Java Keytool Commands:

Delete a certificate from a Java Keytool keystore:

keytool -delete -alias mydomain -keystore keystore.jks

Change a Java keystore password:

keytool -storepasswd -new newstorepass -keystore keystore.jks

Export a certificate from a keystore:

keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks

List Trusted CA Certs:

keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts

Import New CA into Trusted Certs:

keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias mydomain -keystore $JAVA_HOME/jre/lib/security/cacerts
-satzCalvin..