Creating a Truststore for Your JDK

When you work with secure Web services, the Web service clients must trust the Web applications they interact with to be secure. The Web service client is typically a Web browser, but in this case the client is Java Explorer. To enable testing of a Web application, Java Explorer must accept the server certificate of the application or trust the certifying authority who issues the server certificate.

Your JDK installation includes a command-line tool called keytool. You can manage server certificates and certifying authorities with this tool. The easiest way of downloading server certificates is to export them from your Web server.

To create a truststore for your JDK:

  1. Export a CER certificate file from your Web browser to your local system. For information on exporting a certificate, refer to the Help of your browser.
  2. To add the saved certificate to your truststore, which is called mykeystore, enter the following into the command-line tool of your system:
    -alias <alias name> 
    -file c:\<pathname>\<certificate file name>
    -keystore mykeystore
    The command-line tool creates a file called mykeystore in your current working directory.