TLS

Transport Layer Security (TLS), the successor of the now-deprecated Secure Sockets Layer (SSL), is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

Shell

Download certificate

# Save the certificates the server presents as PEM (overwrites the file on re-run)
DOMAIN_NAME="YOUR_DOMAIN_NAME" && \
echo | \
openssl s_client -showcerts \
  -servername "$DOMAIN_NAME" \
  -connect "${DOMAIN_NAME}:443" \
  2>/dev/null | \
awk '/-----BEGIN CERTIFICATE-----/, /-----END CERTIFICATE-----/' > "./${DOMAIN_NAME}.pem"

Java

Show current certificates

keytool -v -list \
    -storepass changeit \
    -keystore "$JAVA_HOME/lib/security/cacerts"

Delete certificate by alias

keytool -delete \
    -alias YOUR_ALIAS \
    -storepass changeit \
    -keystore "$JAVA_HOME/lib/security/cacerts"

Add certificate

keytool -importcert -trustcacerts \
    -alias YOUR_ALIAS \
    -storepass changeit \
    -keystore "$JAVA_HOME/lib/security/cacerts" \
    -file YOUR_CERT_FILEPATH

Self-signed certificate

Add to Java

For a Java application to trust a self-signed certificate, the certificate must be added to the Java keystore. See TLS with Java.

  • Optional: create a directory for certificates:
mkdir ~/certs
  • Optional: change to the certs directory:
cd ~/certs
  • Create a file named add-cert-to-java.sh:
touch add-cert-to-java.sh
  • Add the following code to the file:
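#!/bin/sh
# Usage: ./add-cert-to-java.sh DOMAIN_NAME
[ -n "$1" ] || { echo "Usage: $0 DOMAIN_NAME" >&2; exit 1; }
# Fetch the certificates presented by the server and save them as PEM
echo | \
openssl s_client -showcerts \
    -servername "$1" \
    -connect "$1:443" \
    2>/dev/null | \
awk '/-----BEGIN CERTIFICATE-----/, /-----END CERTIFICATE-----/' > "./$1.pem"
# Import the downloaded certificate into the JVM's default truststore
keytool -importcert -trustcacerts \
        -file "./$1.pem" \
        -alias "$1" \
        -keystore "$JAVA_HOME/lib/security/cacerts"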
  • Add execute permission:
chmod +x add-cert-to-java.sh
  • Run the script with your domain name, for example:
./add-cert-to-java.sh rakovets.by
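
The steps above import whatever certificate the server presents at download time. As an added example (not part of the original page), the script below compares the SHA-256 fingerprint of the downloaded leaf certificate with one obtained out of band and runs the import only on a match; the script name verify-and-import.sh, the function names and the .leaf.pem file are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): pin-check a downloaded
# certificate before importing it into the Java truststore.

# SHA-256 fingerprint (lowercase hex, no colons) of the FIRST certificate in
# a PEM file; with `s_client -showcerts` output that is the server's leaf.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# verify_pin PEM_FILE EXPECTED_FP
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_pin() {
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    actual=$(cert_fingerprint "$1")
    [ -n "$actual" ] || { echo "no certificate found in $1" >&2; return 2; }
    [ "${#expected}" -eq 64 ] || { echo "expected 64 hex digits" >&2; return 2; }
    [ "$actual" = "$expected" ] && return 0
    echo "fingerprint mismatch: got $actual" >&2
    return 1
}

# Constructed sample input: a throwaway self-signed certificate for trying
# the functions offline. Usage: make_sample_cert OUT_PEM COMMON_NAME
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1" 2>/dev/null
    rm -f "$1.key"
}

# Usage: ./verify-and-import.sh DOMAIN EXPECTED_FP   (script name is hypothetical)
# Expects ./DOMAIN.pem as written by the download step on this page.
if [ "$#" -eq 2 ]; then
    verify_pin "./$1.pem" "$2" || exit 1
    # Import only the certificate that was checked, not the whole bundle.
    openssl x509 -in "./$1.pem" -out "./$1.leaf.pem"
    keytool -importcert -trustcacerts -alias "$1" \
        -file "./$1.leaf.pem" -keystore "$JAVA_HOME/lib/security/cacerts"
fi
```

The expected fingerprint can be passed with or without colons and in either case, for example as printed by `openssl x509 -noout -fingerprint -sha256` on the server itself.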