Java SSL Helper

A set of scripts to help configuring Java to trust a self-signed SSL certificate.

This is commonly necessary in development environments and the procedure is arcane enough that I wrote these scripts to automate the process.

Script Usage

Obtaining the Certificate Key

Firstly you need to run the script to obtain the certificate key:

./ host > example.cert

If the host is using SSL on a non-standard port (the default is 443) you can specify it like so:

./ host 1234 > example.cert

Installing and Trusting the Certificate

After this script has run you can then run the script to install and trust the certificate key:

./ example.cert my-key

This will attempt to install the key containing in example.cert into your system JVM key store under the alias my-key. Note that this requires sudo because typically the JVM key store is in an area of the file system owned by root so you may receive a password prompt to grant sudo privileges.

Also note that the script assumes a Mac OS X based JVM which uses a key store password of changeit, this may vary by OS and JVM (for example some installations use changeme as a password) so you can specify the key store password like so:

./ example.cert my-key password

Alternatively if you don't have sudo privileges on the system you are trying to install the key on then you can use the script instead which only installs the key to your local .keystore file which will be in your home directory e.g.

./ example.cert my-key


These scripts are in part based upon scripts by Paul Heinlein found in the OpenSSL Command-Line HOW TO which is under a CC-BY-NC-SA license.

Therefore these scripts are also licensed to you under the CC-BY-NC-SA license, please attribute Paul and myself (Rob Vesse) in any downstream projects.