Importing SSL Certificates with Keytool – Finally

From time to time I have had the desire to use SSL certificates from Certificate Authorities (CA’s) which are not included in the default build of Jrun. There are some tutorials on how to do this:

Despite these resources, I could never get the import to work. It would give me the message that it imported and the list test would reveal that it worked but then ColdFusion couldn’t connect to the secured resource. After repeated attempts, I would just figure out an alternate solution to my problem.

That is until today. I was trying it again, and to reduce my frustration, I created a batch file on the desktop of the server. When I ran the batch file, I saw that a cacerts file was created on my desktop. I did some digging, and relized that I was creating a new cacerts file every time I tried to do this, instead of appending the cert to the existing cacerts file.

So the solution was to run the keytool commands from the directory the cacerts file is located in. After you do that successfully, you need to restart the ColdFusion instance you wish to consume the secure services with.

I can’t believe I overlooked something that straightforward but then again, maybe someone else has, and could use this piece of information.

2 thoughts on “Importing SSL Certificates with Keytool – Finally

  1. Thank you for the post as it clarifies things for me.

    I am trying to build a page on our intranet that allows users to reset their AD passwords. On my post that I have found online there is reference to a secure connection between AD and the CF server I am having a hard time doing this could you please provide guidance on creating this connection. Our intranet already has a SSL certificate Do I need to get an additional SSL certificate for communication from the CF8 server to the AD server?

    Any help will be greatly appreciated.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s