Silent import Java Certificate

I've got a problem with importing a Java certificate silently.
I've packaged Swift Alliance Webstation and this program got a "not signed" certificate.
When starting the program Java comes with the question to trust this program for every site.

Then click yes and go to Java Certificates (Control Panel). Now there's a Certificate that can be exported...

My question is: How do I export this certificate silently with the keytool from Java?

I found the following line on the Sun forum, but it won't show me the certificate in the GUI under the trusted certificates...

"%JREPATH%bin\keytool.exe" -import -v -noprompt -file "%Path to your certificate%" -keystore "%JREPATH%lib\security\cacerts" -alias %certificate alias name% -storepass changeit -storetype JKS

0 Comments   [ + ] Show comments

Answers (2)

Posted by: yoshi 12 years ago
Yellow Belt
Realize this is old but thought I'd post for others - you got me on the right track... the following worked per user with 1.6.0_20

I installed the Java App, went into the Java control panel and exported the certificate, then removed it to test. Also tested on other machines running XP Pro SP3.

C:\Program Files\Java\jre6\bin>
keytool -importcert -file "exported-certificate" -keystore "c:\documents and settings\%USERNAME%\application data\sun\java\deployment\security\trusted.certs" -storepass "" -noprompt

  • Thanks, this worked perfectly. - andyviar 10 years ago
Posted by: pjbaars 13 years ago
Orange Belt
I got the same problem with packaging of a Nortel VPN Client.

Using CertMgr.exe is what I did.

First I installed the vendor setup on a clean packaging machine. Then via the MMC snapin "Certificates" I was able to locate the certificate and export it to a cer-file.

After that I placed the cer-file in my package and with a CustomAction I used CertMgr.exe to import it on the pc. In my case I had to import the certificate in the Trusted Publishers keystore so commandline in my CustomAction is:

"CertMgr.exe -add NortelCertificate.cer -d -r localMachine trustedpublisher"

I placed the CustomAction in ExecuteDeferred right before the CustomAction of the vendor which installs the driver.

Hope this will help.


Peter Baars
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ