jssl - Resolve Java SSL issues like PKIX path building failed instantly.
Diagnose, retrieve, and install certificates into Java keystores with ease.
jssl <operation> [host|file] [options]jssl is a command-line tool to interact with Java keystores and SSL endpoints. It allows users to diagnose SSL handshake issues, retrieve remote certificates, and install them into local Java keystores. It also parses Maven logs for missing certificate errors and handles them automatically.
ping : Check the SSL handshake against a host without modifying the keystore.
install : Connect to a host, retrieve its SSL certificate, and install it into the Java keystore. If the target alias already exists, it is replaced.
file : Process a file containing a list of hosts (one per line) to install certificates.
list : List trusted certificates installed with jssl in a table, including creation and expiration dates. Certificates expiring within 30 days are highlighted in yellow; expired certificates are highlighted in red.
uninstall : Remove a certificate from the Java keystore, identified by its hostname or alias.
doctor : Read Maven build logs (from stdin) and automatically detect and install missing certificates based on connection errors.
-p, --port: SSL port to connect to. Defaults to443.-a, --alias: Alias to use in the Java keystore. Defaults tojssl_<host>.-v, --verbose: Print debug output.--version: Print jssl and Java version information.-h, --help: Print help.
By default, jssl uses the active Java truststore. For tests or custom workflows, the target keystore can be overridden with environment variables:
JSSL_KEYSTORE_PATH=/path/to/cacerts JSSL_STOREPASS=changeit jssl listJSSL_STOREPASS defaults to changeit when unset.
curl -sL https://raw.githubusercontent.com/pmamico/java-ssl-tools/main/install.sh | bashRun in any terminal. On Windows, use Git Bash with administrative privileges.
brew install pmamico/keg/jssl
JAVA_HOMEenvironment variable must be setopensslmust be available on the system
keytool(1), openssl(1), mvn(1)