Monday, November 11, 2019

Adding a CA to the trust store for Eclipse


If an Eclipse plugin uses a self-signed update site, you may encounter an authentication failure error when updating the plugin.

The solution is to add the CA of the self-signed certificate to the trust store that Eclipse uses.

By default, Eclipse uses the Java trust store at $JAVA_HOME/lib/security/cacerts.

To list the certificates in it, go to $JAVA_HOME/lib/security/ and run the command:
$ $JAVA_HOME/bin/keytool -list -keystore ./cacerts

You may not have permission to add a new certificate to the default trust store. Instead, make a copy of the default trust store and add the new certificate to the copy.
$ cd /path/to/my/trust/store/location
$ cp $JAVA_HOME/lib/security/cacerts mytruststore

The password of Java's default cacerts is "changeit". You will need to input it when adding a new certificate into mytruststore.

Run the following command to import the new certificate (e.g. cloudServicesRootCA.cer; this post shows how to download the certificate of a CA) into mytruststore:
$ $JAVA_HOME/bin/keytool -alias cloudServicesRootCA -import -file cloudServicesRootCA.cer -keystore mytruststore

Exit Eclipse if it is running, then tell Eclipse about the new trust store by adding it to Eclipse's configuration file eclipse.ini, which is located in the root directory of the Eclipse installation. Open eclipse.ini in an editor and add or modify these two parameters:
-Djavax.net.ssl.trustStore=/path/to/my/trust/store/location/mytruststore
-Djavax.net.ssl.trustStorePassword=changeit
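
Eclipse passes only the lines that follow -vmargs in eclipse.ini to the JVM, so the two parameters take effect only when they sit after that line. The script below is an added example, not part of the original post: its hypothetical functions set_truststore and truststore_active place the two parameters after -vmargs and check that they are there, using a constructed sample eclipse.ini.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# truststore_active INI: succeeds only if both options appear after -vmargs.
truststore_active() {
    awk '
        /^-vmargs[ \t\r]*$/ { vm = 1; next }
        vm && /^-Djavax\.net\.ssl\.trustStore=/ { s = 1 }
        vm && /^-Djavax\.net\.ssl\.trustStorePassword=/ { p = 1 }
        END { exit !(s && p) }' "$1"
}

# set_truststore INI STORE PASSWORD: drop any existing trustStore options
# (wherever they are) and append one pair at the end, after -vmargs.
set_truststore() {
    f=$1
    tmp=$(mktemp) || return 1
    # Values go through the environment so awk does not interpret backslashes.
    TS_STORE=$2 TS_PASS=$3 awk '
        /^-Djavax\.net\.ssl\.trustStore(Password)?=/ { next }
        { print }
        /^-vmargs[ \t\r]*$/ { seen = 1 }
        END {
            if (!seen) print "-vmargs"
            print "-Djavax.net.ssl.trustStore=" ENVIRON["TS_STORE"]
            print "-Djavax.net.ssl.trustStorePassword=" ENVIRON["TS_PASS"]
        }' "$f" > "$tmp" && cat "$tmp" > "$f"   # cat keeps the file's mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed eclipse.ini whose trustStore option is misplaced.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '-startup' 'plugins/launcher.jar' \
        '-Djavax.net.ssl.trustStore=/old/store' '-vmargs' '-Xmx1024m' \
        > "$dir/eclipse.ini"
    truststore_active "$dir/eclipse.ini" && before=active || before=inactive
    set_truststore "$dir/eclipse.ini" \
        /path/to/my/trust/store/location/mytruststore changeit
    truststore_active "$dir/eclipse.ini" && after=active || after=inactive
    rm -rf "$dir"
    echo "$before -> $after"
}
demo
```

Running set_truststore a second time replaces the existing pair rather than adding a duplicate.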
