Go directly to contents.
Suomi.fi Data Exchange Layer

Installation of root certificates

This article briefly describes how to add certificates to the operating system level.

If you use Ubuntu/RHEL packaged Java, the mechanism ensures that the certificate is also installed in Java’s trusted root certificate container and that the added certificate is retained even if Java is updated.

Ubuntu 18.04 and 20.04 LTS

Java’s default root certificate container:

/etc/ssl/certs/java/cacerts

(/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts is the symbolic link here)

Add a new root certificate to the following directory:

/usr/local/share/ca-certificates

The certificate must be in the PEM format and the file name must end with .crt.

Run (as a root user) the following command:

update-ca-certificates

RHEL 7, 8

Java’s default root certificate container:

/etc/pki/java/cacerts

(/usr/lib/jvm/jre-1.8.0-openjdk/lib/security/cacerts is the symbolic link here)

Add a new root certificate in the PEM format to the following directory:

/etc/pki/ca-trust/source/anchors

Run (as a root user) the following command:

update-ca-trust extract
(see if necessary: man update-ca-trust)
Updated: 3/10/2024

Are you satisfied with the content on this page?