@davydmaker
Created April 22, 2026 02:35
quick-certificates-jdk: shell script to bulk-import certificates into a JDK cacerts keystore (Windows)

quick-certificates-jdk

Shell script to facilitate bulk-importing certificates into a JDK's cacerts keystore. Designed for Windows environments using Git Bash, WSL, or Cygwin (calls keytool.exe with Windows-style paths).

When run, the script imports every .crt/.cer file from a configured directory into the cacerts of a configured JDK, using each filename as the alias and the default changeit password (configurable).

Configuration

Edit two variables at the top of the script:

pathJava="C:\Program Files\Java\jdk-11.0.9"
pathCertificate="C:\certificates"
  • pathJava — path to the JDK installation.
  • pathCertificate — directory containing the certificate files to import.

Usage

./quick-certificates-jdk.sh

The script handles both JDK 8 (legacy -keystore cacerts flag) and JDK 9+ (modern -cacerts shortcut) automatically.

Notes

  • Useful for development environments where new team members need to import multiple internal certificates into their JDK cacerts before accessing internal infrastructure.
  • Windows-specific (uses keytool.exe and Windows-style paths).

License

MIT.

#!/bin/bash
# title : quick-certificates-jdk.sh
# description : Bulk import certificates (.crt/.cer) into a JDK cacerts keystore.
# author : davydmaker
# date : 2021-09-20
# version : 1.3
# usage : ./quick-certificates-jdk.sh
# notes : Configure pathJava and pathCertificate below. Windows-focused (uses keytool.exe).
# license : MIT
# ==============================================================================
pathJava="C:\Program Files\Java\jdk-11.0.9"
pathCertificate="C:\certificates"
javaVersion=$("$pathJava/bin/java" -version 2>&1 | awk -F '"' '/version/ {print $2}')
pass="changeit"

# Extract the major version as a number: "1.8.0_281" -> 8, "11.0.9" -> 11.
# A string comparison against "8" would sort "11" and "17" before "8".
javaMajor=${javaVersion%%[.-]*}
if [ "$javaMajor" = "1" ]; then
    javaMajor=${javaVersion#1.}
    javaMajor=${javaMajor%%[._-]*}
fi

# JDK 9+ supports the -cacerts shortcut. JDK 8 and older need the explicit -keystore path.
if [ "${javaMajor:-0}" -ge 9 ] 2>/dev/null; then
    cacerts=(-cacerts)
else
    # A JDK 8 install keeps cacerts under jre/lib/security; a bare JRE uses lib/security.
    cacertsFile="$pathJava/jre/lib/security/cacerts"
    [ -f "$cacertsFile" ] || cacertsFile="$pathJava/lib/security/cacerts"
    cacerts=(-keystore "$cacertsFile")
fi

for fileCrt in "$pathCertificate"/*.{crt,cer}
do
    fileCrtName=$(basename "$fileCrt")
    if [ "$fileCrtName" != "*.cer" ] && [ "$fileCrtName" != "*.crt" ]
    then
        fileCrtName=${fileCrtName%.*}
        # Arguments are passed as an array instead of through eval, so a file name
        # containing shell metacharacters is never re-parsed as shell code.
        "$pathJava/bin/keytool.exe" -delete -noprompt -trustcacerts -alias "$fileCrtName" "${cacerts[@]}" -storepass "$pass"
        "$pathJava/bin/keytool.exe" "${cacerts[@]}" -J-Duser.language=en -importcert -alias "$fileCrtName" -file "$fileCrt" -storepass "$pass" -noprompt
    fi
done
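
A pre-import check, added here as an example and not part of the gist: the script trusts every .crt/.cer file found in pathCertificate, so this gates each file on a SHA-256 fingerprint allowlist before keytool sees it. The allowlist file format, the function names, and the demo bytes are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not part of the gist. Assumed allowlist line format:
#   <sha256-hex-of-DER>  <alias>

# Print the lowercase SHA-256 of a certificate's DER bytes.
# Accepts a DER file or a PEM file holding exactly one certificate.
cert_sha256() {
    local file="$1" count
    count=$(grep -ac -e '-----BEGIN CERTIFICATE-----' "$file" 2>/dev/null || true)
    case "$count" in
        0) sha256sum < "$file" | cut -d' ' -f1 ;;
        1) sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$file" |
               sed '/^-----/d' | tr -d ' \r\n' | base64 -d | sha256sum | cut -d' ' -f1 ;;
        *) return 1 ;;  # bundle or unreadable file: refuse rather than guess
    esac
}

# Succeed only if the alias is safe and "<fingerprint> <alias>" is pinned in the allowlist.
is_approved() {
    local file="$1" allowlist="$2" name fp
    name=$(basename "$file"); name=${name%.*}
    # The alias comes from the file name, so restrict it to a conservative set.
    [[ "$name" =~ ^[A-Za-z0-9._-]+$ ]] || return 1
    fp=$(cert_sha256 "$file") || return 1
    awk -v fp="$fp" -v a="$name" '{ sub(/\r$/, "") }
        tolower($1) == fp && $2 == a { ok = 1 } END { exit !ok }' "$allowlist"
}

# Report every .crt/.cer in a directory; return non-zero if any file is rejected.
audit_cert_dir() {
    local dir="$1" allowlist="$2" f rc=0
    for f in "$dir"/*.crt "$dir"/*.cer; do
        [ -e "$f" ] || continue
        if is_approved "$f" "$allowlist"; then echo "APPROVED $f"
        else echo "REJECTED $f"; rc=1
        fi
    done
    return $rc
}

# Constructed demo (stand-in bytes, not real certificates): run with --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); printf 'constructed-DER-stand-in' > "$d/internal-root.cer"
    echo "$(cert_sha256 "$d/internal-root.cer")  internal-root" > "$d/allow.txt"
    printf 'unreviewed' > "$d/rogue.crt"
    audit_cert_dir "$d" "$d/allow.txt"; rm -rf "$d"
fi
```

In the import loop, a line such as is_approved "$fileCrt" "$allowlist" || continue placed before the keytool calls skips anything that is not pinned. The value printed by cert_sha256 corresponds to the SHA-256 fingerprint shown by keytool -printcert once the colons are removed and case is ignored.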