Skip to main content
Skip table of contents

Java Trust Store

This page explains how to add certificates to the Java trust store. 


You may have to work with certificates that are not in the default trust store. For example, companies often use their own private certificate authority (CA) issuing root certificates that are not included in the default installations.

In that case, these certificates need to be added to the Java trust store of the Jira or Confluence instance.

How to

Certificates can be added to the Java trust store using the keytool utility that comes with Java.

For example, to add a certificate named myRootCert.pem, use 

$JAVA_HOME/bin/keytool -importcert -trustcacerts -cacerts -file myRootCert.pem -alias myRootCert


  • The password requested to update the Java truststore is changeit by default.

  • Before Java 9, there was no -cacerts option. Instead you must provide the location of the cacerts keystore using the -keystore option. The cacerts keystore should be located either at $JAVA_HOME/jre/lib/security/cacerts or $JAVA_HOME/lib/security/cacerts.

  • If you need to run the import unattended, append -storepass changeit -noprompt to the above command.

After having added the certificate to the truststore, restart Jira or Confluence.


If the keytool command displays  

Certificate was added to keystore

this may not be true. Look out for any error messages like

keytool error: [...] (Permission denied)

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.