How to add a root CA to a Java keystore

I had to add a new issuer of certificates to the list of trusted root certificates in Java. The issuer was CN=UTN-USERFirst-Hardware.

To do this you first have to identify what version of Java you are running. Under your Java installation you have to locate a file cacerts (%JAVA_HOME%/jre/lib/security)

You also need to get the root ca certificate, often downloadable somewhere from the Internet. A copy of the URN-USERFirst-Hardware root certificate is found here. Download the file and save it somwhere safe.

When ready do this:

keytool -keystore ..\cacerts -import -file ..\rootcert -alias utnfirsthardware

When asked for a password, the default password is changeit. Unless you or someone else has changed the password this should work.