Add a Certificate into the Java Certificate Store

The following steps can be followed to add a certificate into the Java Certificate Store. This is required when you would like Dekho to operate with secured ArcGIS Services.


In the situation when an ArcGIS Server is secured then all requests made to that server are usually passed over HTTPS rather than HTTP. The web server hosting the ArcGIS Server instance must therefore have a certificate applied. Instructions for creating and applying certificates for ArcGIS Server web servers can be found in the standard ArcGIS Server Help documentation.


Once a certificate has been applied to the ArcGIS Server web server any machine wishing to communicate with secured services provided by that ArcGIS Server instance must also accept a certificate. In the case of Dekho, the Dekho Server must install the same certificate into the Java Certificate Store for Dekho to be able to communicate with ArcGIS Server. The following instructions provide a means to install the certificate into the Java Certificate Store:


Step 01> Extract to a temporary location, this example uses:


Step 02> Open a command window and navigate to the folder path where you extracted the file.

Step 03> Type the following command and press Enter

java InstallCert "stuart:8443"

Where “stuart” is the host server name and “8443” is the server ssl port.




The class is sometimes named “InstallCertificates” instead of “InstallCert”

The “stuart” host server name mentioned above is the server hosting your secure map service (not necessarily the same as your Dekho server).




So, if the ArcGIS Server hostname name is “arcgis” you could run the above command like :

java InstallCert "arcgis"

(Note: In this case default SSL port of IIS will be used to read the certificate)


java InstallCert "arcgis:443"

The default SSL port for IIS is "443". If the SSL port of IIS is configured to be something different, this has to be specified accordingly.


Step 04> Verify you get an output like below.


The exception “unable to find certification path to request target” indicates the server certificate is not trusted.


Step 05> Enter the certificate number to install out of the listing of certificates which appears above the prompt “Enter certificate to add to trusted keystore or ‘q’ to quit”. In the above scenario there is only one server certificate which is assigned the number 1.

Step 06> So Enter 1 and press “Enter



INFORMATION: If more than one certificate needs tob be imported, repeat the certifcation import stepts




Step 07> This is the Type of output expected.

Certificates are imported to a keystore called “jssecacerts” in the current directory i.e.


Step 08> Identify the java runtime directory (inspect the PATH environment variable where the java install path is usually included by a java install.) 

Step 09> Copy the certificate store file i.e.


and put it in the

<Java home>/jre[version_number]/lib/security

(ex:\ E:\Java\jre6\lib\security)




PLEASE NOTE: If the folder “security” is not found, create a folder “security” under the “lib"




Step 10> Once the above steps are completed the server certificates are trusted by java runtime. To verify if the certificates have been installed properly redo step 3 and you should see an output like below.


Reverse Proxy Settings Checklist