JDK

Certificates

When you have installed and configured the JDK, you then need to install the SSL Certificate given the environment you need to interact with.

The following instructions can be used only for setting the SSL Certicate for the lower environments, namely, LATEST, STAGE, LOAD.

We use the LATEST in this document. You can follow this template to replicate for the other environments, replacing the environment where appropriate.

For reference you could use The Most Common Java Keytool Keystore Commands.

Open your web browser, here we will be using Google Chrome Browser and point to any of the following URLs:

You are presented with the following page.

The site we are using here refers to 'DCL API', so, we are registering the certificates for calls to it.
Google Chrome Grab SSL Certificate
Figure 1. Google Chrome Grab SSL Certificate

When you click the button indicated you are presented with options to select.

Google Chrome Grab SSL Certificate Init
Figure 2. Google Chrome Grab SSL Certificate Init

A pop up dialog will show and select the tab indicated as follows.

View Certificate
Figure 3. View Certificate

And after you are in the details tab select the button shown next.

Certificate Export
Figure 4. Certificate Export

This will start the export to file process.

Init Certificate Export
Figure 5. Init Certificate Export

Next you select the file format.

Cetificate Format
Figure 6. Certificate Format

Next think of a name for the certificate, lets use here latest-cert, the system assigns the extension cer, but you can use whatever name you consider.

Certificate Select File Name
Figure 7. Certificate Select File Name

Then before proceeding to the export the system will provide an overview summary.

Certificate Export Overview
Figure 8. Certificate Export Overview

After you click the Finish button it will report a successful export.

Certificate Successful Export
Figure 9. Certificate Successful Export

Now you must copy or reference the file in the following commands to import the certificate to the JDK you want to use.

You need to have access rights to the JDK folder to complete these commands.

The JDK cacerts file is located in the following path.

  • $JAVA_HOME/jre/lib/security for JDK 8 and below.

  • $JAVA_HOME/lib/security for JDK 11 and above.

Here JAVA_HOME refers to the folder where the 'JDK' is installed.

With the following code you import the certificate to the JDK cacerts.

$ keytool -import -alias disney-latest-cert -keystore cacerts -file latest-cert.cer

When asked for the password, use the default password changeit, notice that it should be changed if required.

In the previous command, notice it uses an alias, disney-latest-cert and here latest-cert.cer is the file you downloaded.

Besides when you need to supply a password, type the changeit. When you see the question "Trust this certificate? [n]:", type yes.

And if you need to check that the certificate is imported, use the following command.

$ keytool -list -v -keystore cacerts -alias disney-latest-cert

If you need to replace a certificate, you must delete it first and add it again.

$ keytool -delete -alias disney-latest-cert -keystore cacerts

Finally, you must provide the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 Download. These files can be obtained from the following link: JCE Unlimited Strength Download.

Extract these files and copy them in the [JAVA_HOME]/jre/lib/security folder, for JDK 8 distribution.

  • local_policy.jar

  • US_export_policy.jar

In Java versions 8u151 and higher, the JCE framework uses the unlimited strength by default

Referenes

Enabling Unlimited Strength Cryptography in Java