Add certificates in Java with KeyStore Explorer

When you install Java on a device, it automatically comes with some default certificates. To know which certificates are present in Java, you need to navigate to Control Panel > Java > Security > Manage Certificates.

Of course you can manually import certificates, but we want to know how we can do this programmatically before making the package. The certificates in Java are kept in a file called cacerts. This file can be found in:

For X64 Java:

C:\Program Files\Java\jre%version%\lib\security

For X86 Java:

C:\Program Files (x86)\Java\jre%version%\lib\security

To edit the cacerts there are many utilities out there, but in this article we are going to have a look over KeyStore Explorer. Keystore Explorer is a free utility tool that can open up the cacerts file and will let us add many types of certificates into it.

Once you install KeyStore Explorer and start it for the first time, it will let you know that if you want to edit the cacerts it needs an extra JavaCryptography zip file. You can download the zip file from here:


Once you added the zip file, you should be able now to open the cacerts. Now, when you try to open the cacerts file, it will prompt you to input a password. The default password for the cacerts file is changeit.

To start importing certificates, all yo need to do is click the Import Certificate button and you are good to go.

Once you click Save, all the changes performed on the cacerts file will be reflected in Java when you open it and inspect it.

Leave a comment

Your email address will not be published. Required fields are marked *

two × 1 =