Appendix B. Java Keystores

This appendix demonstrates how to import the X.509 certificate exported from the Red Hat Enterprise Virtualization server (See Section 2.1, “TLS/SSL Certification” for information on certificate exports) into a new Java keystore file.

Procedure B.1. Import a certificate into a new Java keystore

This process helps a user import the rhevm.cer certificate from Section 2.1, “TLS/SSL Certification” into a Java keystore. This procedure requires the keytool management utility from the Java Development Kit (JDK) available for Linux and Windows systems.
  1. Access your client machine and locate the rhevm.cer certificate.
  2. Import the rhevm.cer certificate using the Java keytool management utility.
    keytool -importcert -v -trustcacerts -keystore restapi.jks -noprompt -alias rhevm -file rhevm.cer
    The keytool utility creates a new keystore file named restapi.jks.
  3. keytool asks for the keystore password. Enter a password and keytool asks to verify it.
  4. keytool adds the rhevm.cer certificate to the restapi.jks keystore. Use keytool -list command to view the certificate's entry in the keystore:
    keytool -list -keystore restapi.jks -storepass [password]


Some versions of keytool parse the certificate incorrectly. If keytool does not recognise the certificate, convert it to a different X.509 format with the openssl tool:
openssl x509 -in rhevm.cer -out -outform [pem|der]
This creates a file called to use in place of rhevm.cer.