Import security certificate to the JRE Keystore

The certificate that is downloaded when you enable MDE security must be imported into the JRE Keystore.


  1. Locate the keystore location in the JRE.

    Typically this keystore is at JAVA_HOME\jre\lib\security\cacerts.

    The keytool that is used to access the keystore is typically installed with the JRE and ready to use.

  2. Run the standard keytool to import the certificate, from JAVA_HOME\jre\lib\security.
    keytool -import -trustcacerts -alias mdecert -file C:\temp\mdeCert.cer -keystore cacerts
  3. When prompted Enter keystore password:, enter "changeit".

    By default keystores have a password of "changeit"

  4. When prompted Trust this certificate? [no]:, enter "yes".

    This imports the certificate into the keystore and display the message: "Certificate was added to keystore".