How to import a .cer certificate into a java keystore?

• If you want to authenticate you need the private key - there is no other option.
• A certificate is a public key with extra properties (like company name, country,...) that is signed by some Certificate authority that guarantees that the attached properties are true.
• .CER files are certificates and don't have the private key. The private key is provided with a .PFX keystore file normally. If you really authenticate is because you already had imported the private key.

• You normally can import .CER certificates without any problems with

  keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias" 
  

Importing .cer certificate file downloaded from browser (open the url and dig for details) into cacerts keystore in java_home\jre\lib\security worked for me, as opposed to attemps to generate and use my own keystore.

1. Go to your java_home\jre\lib\security
2. (Windows) Open admin command line there using cmd and CTRL+SHIFT+ENTER
3. Run keytool to import certificate:
   • (Replace yourAliasName and path\to\certificate.cer respectively)

 ..\..\bin\keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias yourAliasName -file path\to\certificate.cer

This way you don't have to specify any additional JVM options and the certificate should be recognized by the JRE.