Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Importing the Certificate

Solution

  1. Download the certificate.
    1. In the address box of Google Chrome, enter https://repo1.maven.org/ (replace the URL with the actual one reported in the error message) and click the marked lock.

    2. In the dialog box that is displayed, click Certificate (Valid).

    3. In the dialog box that is displayed, select the first path and click View Certificate.

    4. In the dialog box that is displayed, select Details and click Copy to File.

    5. In the Certificate Export Wizard dialog box that is displayed, click Next, select Base-64 encoded X.509 (.CER), and click Next.

    6. Click Browse, set the certificate generation path and certificate name, click Next, and click Finish.

  2. Upload the downloaded certificate to the /home directory on the server.
  3. Import the certificate.

    Run the command required for the OS. Type changeit and press Enter. Type yes and press Enter.

    • CentOS: 
      1
      		 
      keytool -import -alias a1  -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.aarch64/jre/lib/security/cacerts -file /home/a1.cer
    • openEuler: 
      keytool -import -alias a1  -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.272.b10-7.oe1.aarch64/jre/lib/security/cacerts -file /home/a1.cer
    • Parameters of importing the certificate:

      -alias: specifies the alias. (It is recommended that the alias be the same as the certificate name.)

      -keystore: specifies the storage file, which is in the security directory of the JRE.

      -file: specifies the certificate file (absolute path + file name).

    • The default password of the cacerts certificate store is changeit. (If the password has been changed, use the new password.)
    • If the operation fails, restart the server.
  4. Optional: Check the certificate.
    • CentOS: 
      ll /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.aarch64/jre/lib/security/cacerts
keytool -list  -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.aarch64/jre/lib/security/cacerts
keytool -list  -keystore  /etc/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.aarch64/lib/security/cacerts
keytool -list  -alias a1  -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.aarch64/jre/lib/security/cacerts
    • openEuler: 
      ll /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.272.b10-7.oe1.aarch64/jre/lib/security/cacerts
keytool -list  -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.272.b10-7.oe1.aarch64/jre/lib/security/cacerts
keytool -list  -keystore  /etc/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.272.b10-7.oe1.aarch64/lib/security/cacerts
keytool -list  -alias a1  -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.272.b10-7.oe1.aarch64/jre/lib/security/cacerts
  5. Optional: Delete the certificate.
    • CentOS: 
      keytool -delete -alias a2 -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.aarch64/jre/lib/security/cacerts
    • openEuler: 
      keytool -delete -alias a2 -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.272.b10-7.oe1.aarch64/jre/lib/security/cacerts
  6. Set the system time.
    1. View the system time. 
      date
    2. If the system time is different from the current time, change the system time to the local time. For example: 
      1
2
      		 
      date -s 20210720
date -s 11:45:00
Parent topic: Common Operations