Say goodbye to "PKIX path building failed"!
Install, ping and uninstall certificates in java keystore lightning-fast.
curl -sL https://raw.githubusercontent.com/pmamico/java-ssl-tools/main/install.sh | bash
on Windows, use Git Bash
as system administrator.
or via homebrew:
brew install pmamico/java/jssl
jssl v1.4
Install trusted certificate and check SSL handshake against java keystore.
Usage: jssl <host> <operation> [-p|--port <arg>] [-a|--alias <arg>] [-h|--help] [-v|--version]
<host>: without https:// and port, eg. google.com
<operation>: ping, install or uninstall
-p, --port: port (default: '443')
-a, --alias: alias in keystore (default: '<host>')
-l, --list: List installed certificates with jssl
-h, --help: Prints help
-v, --version: Prints version
Java has a built-in keytool
to handle certificates on the java keystore.
However it has a few drawbacks:
With jssl
just type
$ jssl <URL> ping
Especially annoying if you are in flow.
First you need to get the certificate somehow,
then to import it with keytool, thinking about alias names and the default password.
Eg.:
$ echo | openssl s_client -connect "<URL>:443" 2>/dev/null | openssl x509 > certificate.pem
$ /opt/homebrew/opt/openjdk@11/bin/keytool -importcert -cacerts -noprompt -alias <myalias> -file certificate.pem -keypass changeit -storepass changeit
is equivalent to
$ jssl <URL> install
Java 1.8 | Java 11 | Java 17 | Java 21 | |
---|---|---|---|---|
Linux | ✔️ | ✔️ | ✔️ | ✔️ |
MacOS | ✔️ | ✔️ | ✔️ | ✔️ |
Windows | ✔️ | ✔️ | ✔️ | ✔️ |
JAVA_HOME
environmentopenssl