How to import Zscaler CA certifications to JDK trusted store

If you encounter SSL errors when using Java tools including Gradle, Maven, etc.

You should check the certificates used in target websites, and if they are issued by Zscaler you can resolve the issue by importing Zscaler certificates into your JDK’s trusted store. You can refer to this post for how to get Zscaler certificates.

Following is an example for Amazon-corretto 8.

$ cd /opt/amazon-corretto-8.302.08.1-linux-x64/bin/
$ keytool -importcert -alias zscaler -file /usr/local/share/ca-certificates/zscaler.crt -keystore /opt/amazon-corretto-8.302.08.1-linux-x64/jre/lib/security/cacerts -storepass changeit
$ keytool -importcert -alias zscaler_intermediate -file /usr/local/share/ca-certificates/zscaler_intermediate.crt -keystore /opt/amazon-corretto-8.302.08.1-linux-x64/jre/lib/security/cacerts -storepass changeit

Following is an example for Amazon-corretto 17.

$ cd /opt/amazon-corretto-17.0.0.35.1-linux-x64/bin/
$ keytool -importcert -alias zscaler -file /usr/local/share/ca-certificates/zscaler.crt -keystore /opt/amazon-corretto-17.0.0.35.1-linux-x64/lib/security/cacerts -storepass changeit
$ keytool -importcert -alias zscaler_intermediate -file /usr/local/share/ca-certificates/zscaler_intermediate.crt -keystore /opt/amazon-corretto-17.0.0.35.1-linux-x64/lib/security/cacerts -storepass changeit