EnterpriseSSL Certificate Installation: Java-based webservers

May 25, 2018 in WebServer

Installing your Certificate on Java Based Web Servers

You will be receiving the following three files from Sectigo:

  • Root AddTrustExternalCARoot.crt
  • Intermediate CA UTNAddTrustServerCA.crt
  • domain/site certificate yourdomainname.crt

Or you can download root and intermediate CA files from here.

In the following example please replace the example keystore name 'domain.key' with your keystore name.

  • Use the keytool command to import the root certificates as follows:

keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore domain.key

  • Use the same process for the UTNAddTrustServerCA.crt intermediate certificate using the keytool command:

keytool -import -trustcacerts -alias addtrust -file UTNAddTrustServerCA.crt -keystore domain.key

  • Use the same process for the site certificate using the keytool command
  • if you are using an alias then please include the alias command in the string. Example:

keytool -import -trustcacerts -alias yyy (where yyy is the alias specified during CSR creation) -file domain.crt -keystore domain.key


  • The password is then requested.
  • Enter keystore password: (This is the one used during CSR creation)
  • The following information will be displayed about the certificate and you will be asked if you want to trust it (the default is no so type 'y' or 'yes'):
  • Owner: CN= Root, O=Root, C=US
  • Issuer: CN=Root, O=Root, C=US
  • Serial number: 111111111111
  • Valid from: Fri JAN 01 23:01:00 GMT 1990 until: Thu JAN 01 23:59:00 GMT 2050
  • Certificate fingerprints:
  • MD5: D1:E7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
  • SHA1: B6:GE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC:65:A6:89:64
  • Trust this certificate? [no]:

Then an information message will display as follows:
Certificate was added to keystore

All the certificates are now loaded and the correct root certificate will be presented.