Skip to content

Install the self-signed root certificates

Add to Java trust store

Execute the commands below to navigate to the folder where the root CA certificate is stored. Then import it into the cacerts: 

gocedar
cd CEDAR_CA

sudo keytool -import -cacerts -alias metadatacenter.orgx -file ./ca.crt
# or
sudo keytool -import -keystore $JAVA_HOME/lib/security/cacerts -alias metadatacenter.orgx -file ./ca.crt

When prompted, enter these value:

Question Answer
Password: <YOUR ACCOUNT PASSWORD FOR THE SUDO>
Enter keystore password: changeit
Trust this certificate [no]: yes
Trust store password

The cacerts trust store had a default password: changeit

Useful commands

If you run into problems with the certificates, use these commands to list and filter the certificates:

keytool -list -cacerts | grep metadatacenter
# or
keytool -list -keystore $JAVA_HOME/lib/security/cacerts | grep metadatacenter

respectively to delete a certificate 

keytool -delete -cacerts -alias metadatacenter.orgx
# or
keytool -delete -keystore $JAVA_HOME/lib/security/cacerts -alias metadatacenter.orgx

Add to Firefox

If you use Firefox, you will need to add the root CA certificate to the trusted list of the browser.

The process is the following:

  • Open the Preferences.
  • In the Find in Preferences input type certificates.
  • Click the View Certificates... button.
  • Make sure the Authorities tab is open.
  • Click Import.
  • Browse for ca.crt file. It will be located in:
    ${CEDAR_HOME}/CEDAR_CA/.
  • Click both checkbox:
    • Trust this CA to identify websites.
    • Trust this CA to identify email users.
  • Click OK

Add to Keychain Access

If you use Chrome or Safari, or other browsers that use the system's trust store for certificates, you will need to add the root CA certificate to Keychain Access.

The process is the following:

  • Using Finder navigate to ${CEDAR_HOME}/CEDAR_CA/.
  • Double-click the ca.crt file.
  • The application called Keychain Access will be launched.
  • A dialog will pop up, prompting for a location for the certificate. The iCloud might be preselected. Change this to login.
  • Click the Add button. If the Keychain Access does not stay opened after the Add, launch it manually.
  • Locate the certificate you just added. It should be either in System or login Keychain. Search for metadatacenter.
  • The certificate will have a white x in a red circle, meaning it is not trusted.
  • Open it by double-clicking it.
  • Expand the Trust branch on the top.
  • Change the dropdown labeled When using this certificate: to Always Trust.
  • Close the popup.
  • You will be prompted for your password.
  • You should see the icon of the certificate having a white cross inside a blue circle (Keychain Access is still bogus at this point, you need to refresh the cert in order to see that it is trusted. One way to do it is to search for metadatacenter)
  • You are done.