Knowledge Base

Knowledge BaseCertificate Installation

How to Install and Bind a Server Certificate Using Java Keytool?

Updated on March 13, 2026

Overview:

This guide provides the step-by-step process for installing the intermediate and server certificates into a Java KeyStore using the Java Keytool utility. Completing this process ensures that your server certificate is properly trusted and bound within the keystore, enabling secure communication.

Prerequisites

Before you begin, ensure you have the following:

Access to the Java Keytool utility

The intermediate certificate files downloaded from Sectigo

The server certificate file issued after CSR validation

The keystore file used when creating the CSR

The alias name used during CSR generation (e.g., servercert)

Procedure

Step 1 — Import Intermediate

To install the intermediate certificates into the keystore, you need to download the intermediate certificate files from Sectigo.

Note: Do not use the same alias name as you used to create the certificate signing request. You can create your own alias for chain installation below or follow the recommended alias name from the instruction on step 2.

Using the keytool utility, enter the following to install Sectigo Intermediate certificate:

keytool -import -alias Intermediate –keystore < your_keystore_filename> -trustcacerts –file < filename_of_the_Intermediate>

Step 2 — Import the server certificate

Using the keytool utility, enter the following to install Sectigo Server certificate:

Use the same alias you used when generating the CSR (e.g., servercert):

keytool -import -alias servercert –keystore < your_keystore_filename> –file < filename_of_the_Server Certificate>

You should receive the message Certificate was added to keystore at the end of step 2 and 3 if you have installed the certificate correctly.  To view the content of your keystore file, you can run the command below:

 Keytool –list –verbose –keystore <your_keystore_filename>

You should see: