Java SSL Helper

A set of scripts to help configuring Java to trust a self-signed SSL certificate.

This is commonly necessary in development environments and the procedure is arcane enough that I wrote these scripts to automate the process.

Script Usage

Obtaining the Certificate Key

Firstly you need to run the grab-cert.sh script to obtain the certificate key:

./grab-cert.sh host > example.cert

If the host is using SSL on a non-standard port (the default is 443) you can specify it like so:

./grab-cert.sh host 1234 > example.cert

Installing and Trusting the Certificate

After this script has run you can then run the install-cert.sh script to install and trust the certificate key:

./install-cert.sh example.cert my-key

This will attempt to install the key containing in example.cert into your system JVM key store under the alias my-key. Note that this requires sudo because typically the JVM key store is in an area of the file system owned by root so you may receive a password prompt to grant sudo privileges.

Also note that the script assumes a Mac OS X based JVM which uses a key store password of changeit, this may vary by OS and JVM (for example some installations use changeme as a password) so you can specify the key store password like so:

./install-cert.sh example.cert my-key password

Alternatively if you don't have sudo privileges on the system you are trying to install the key on then you can use the install-cert-local.sh script instead which only installs the key to your local .keystore file which will be in your home directory e.g.

./install-cert-local.sh example.cert my-key


These scripts are in part based upon scripts by Paul Heinlein found in the OpenSSL Command-Line HOW TO which is under a CC-BY-NC-SA license.

Therefore these scripts are also licensed to you under the CC-BY-NC-SA license, please attribute Paul and myself (Rob Vesse) in any downstream projects.