How do I import a new Java CA cert without using the keytool command line utility?

Question

Executive summary: how do I install a new root certificate into Java using Java code?

We have a desktop application which accesses various web services. Recently one

Answer 1

If you want to install the certificate to the trusted root's keystore on the desktop machine, you will need permission to do that. It's the same with the keytool, you need a password to access the trusted root's keystore. If you want to be quick-n-dirty, you can

• write the certificate to a file or a byte stream or whatever
• import using KeyTool class (sun.security.tools.KeyTool)

But IMHO if the certificate is not valid, then it is not trustworthy. I would say there's a good reason for that.