Let’s get this self-signed certificate party started!
"Party button" by Phillie Casablanca is licensed with CC BY 2.0. To view a copy of this license, visit https://creativecommons.org/licenses/by/2.0/

Let’s get this self-signed certificate party started!

Simon Au-Yong Simon Au-Yong

Simon Au-Yong

Bible lover. Founder at Zingrevenue. Insurance, coding and AI geek.

Published Apr 8, 2021
+ Follow


TL;DR

  • Second step is to get a converted browser PEM certificate into your JDK's cacerts registry
  • openssl x509 –inform der –in ~/Downloads/Certificates/Maven.CER -outform PEM –out ~/Downloads /Certificates/Maven.pem
  • keytool -import -file “C:\Users\emmazudanje\Downloads\Certificates\Maven.pem” -keystore “C:\path\to\JDK\lib\security\cacerts” -storepass “changeit” -alias “apacheMaven” -noprompt
  • This is the second of a 3-part series


No prompting needed

“No, Mum, I can’t come over for dinner, but let’s catch up for lunch on Saturday okay? I’ll text you. Gotta go. Love you too, bye.”

Emma returned to her notes. “Let’s get this party started,” she thought, as she scrolled down her Google Docs notes. She wanted to know if her tips from her previous gig worked here – to get her Java development tools working in parallel with her new employer’s self-signed certificate. “Okay," she mumbled, "the next step is…”


Step two: Convert the certificate to the PEM format


Remember, the whole point of this section is to make it possible to work with JARs from the public Apache Maven repository.

Visit https://repo.maven.apache.org/maven2 in Chrome

  • Click the lock icon in the address bar, then navigate to the Certificate Path tab. Choose the top-level certificate. Click View Certificate. Another Certificate popup will appear, go to Details tab and Copy to File.
  • Create a Certificates folder in the Downloads folder. Export as DER encoded binary X.509 (.CER) in that Certificates folder.
  • Open a new Git for Windows Bash shell; run
openssl x509 \
-inform der -in ~/Downloads/Certificates/Maven.CER \
-outform PEM -out ~/Downloads/Certificates/Maven.pem
  • Very important – from within Bash (not PowerShell nor CMD), run:

keytool -import -file “C:\Users\emmazudanje\Downloads\Certificates\Maven.pem” -keystore “C:\path\to\JDK\lib\security\cacerts” -storepass “changeit” -alias “apacheMaven” -noprompt

  • Fire up IntelliJ IDEA; navigate to File > Invalidate Caches / Restart
  • Run either Maven install from the Maven menu or Execute Maven Goal > mvn install
  • Success is when you start to see your Maven dependencies being downloaded


It was thrilling to see the dependencies download quickly. Prior to this, there were lots of download errors; which was to be expected as she had yet to receive her entitlements to access the enterprise repository. It was good to be productive in the meantime, while waiting for her developer credentials to be issued though; she could switch over to the official repositories when the permissions got approved later on.

Emma was about to close her ThinkPad when, suddenly, she remembered that there was a critical tool that she needed to work with the self-signed certificates - curl.


References:

  • https://knowledge.digicert.com/solution/SO26449.html
  • https://alvinalexander.com/java/java-using-keytool-import-certificate-keystore/


This is a work of fiction. Names, characters, businesses, places, events, locales, and incidents are either the products of the author’s imagination or used in a fictitious manner. Any resemblance to actual persons, living or dead, or actual events is purely coincidental.

To view or add a comment, sign in

More articles by this author

See all

Explore topics