Trusted root certificates
Trusted certificates establish a chain of trust that verifies other certificates signed by the trusted roots — for example, to establish a secure connection to a web server.
IntelliJ IDEA gets the list of trusted root certificates from the system trust store and its storage is customizable from IntelliJ IDEA settings.
If the enterprise environment in which you are working uses custom certificates, IntelliJ IDEA trusts such certificates by default. No additional configuration is required.
Upon the certificate checking, IntelliJ IDEA also checks the system trust stores for Windows, macOS, and Linux.
Under Linux, all certificates in .crt
(PEM) format from the following locations are imported:
/etc/ssl/certs/*
/etc/pki/tls/certs/*
/system/etc/security/cacerts/*
/etc/ssl/certs/ca-certificates.crt
/etc/pki/tls/certs/ca-bundle.crt
/etc/ssl/ca-bundle.pem
/etc/pki/tls/cacert.pem
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
/etc/ssl/cert.pem
For more information, refer to the JetBrains Linux Trusted Certificates library.
Under macOS X, the code calls system functions to get system-wide and user-specific custom trusted certificates.
For more information, refer to the JetBrains macOS Trusted Certificates library.
Under Windows, the code calls system functions to get system-wide, user-specific, or group-policy distributed trusted certificates.
For more information, refer to the JetBrains Windows Trusted Certificates library.
In case you've encountered a problem with certificates, you can quickly troubleshoot it by enabling the following debug categories:
org.jetbrains.nativecerts
#com.intellij.util.net.ssl
In the main menu, go to Help | Diagnostic Tools | Debug Log Settings.
In the dialog that opens, add the debug categories and click OK to save the changes.
Reproduce the issue.
Go to Help | Collect Logs and Diagnostic Data to collect logs.
Send the logs to our support along with the problem detailed description and a scenario to reproduce it.
note
Note that logs might contain private user information.
Go to Help | Show logs in Finder. This menu item depends on the OS you are using. For example, for Windows, it would be Show logs in Explorer.
The log file is named idea.log and is rotated based on the file size. When attaching logs to your problem report, it's recommended that you archive (.zip) and send several latest log files (
idea.log
,idea.log.1
,idea.log.2
,idea.log.3
).You can also use the Collect Logs and Diagnostic Data option to generate the .zip file with all the log files (including the build logs and the automatic thread dumps).
If you use a proxy server that decrypts all TLS traffic like mitmproxy
or fiddler
, you may import its self-signed certificate to the system so all applications on the local machine will trust it (including IntelliJ IDEA). However, this is potentially insecure since you can impersonate any Website with a private key from that certificate.
note
You can also add the certificates as described in the Server Certificates section. However, keep in mind that it works only for the particular IDE, not for other IDEs or for the whole operating system.
After you've generated the certificate, use one of the following procedures to add it to the trust store:
Generate the certificate in the
.crt
(PEM) format.Add the certificate to the one of the listed directories.
For example, you can use
/etc/ssl/certs/
or/etc/pki/tls/certs/
.
Open up Keychain Access by searching it on Spotlight (click the Magnifying glass located in the upper right corner).
Select File | Import Items and navigate to the downloaded file.
In the Destination Keychain field, select System and click Open.
Right-click the certificate in Keychain Access and select Get Info.
Expand the Trust section and under When using this certificate, select Always Trust.
note
Administrators is the minimum group membership required to complete this procedure. If you're not the administrator of your computer, contact the system administrator.
Click Start, click Start Search, type mmc, and then press Enter.
Click Yes if you get the UAC screen and prompted about changes to your computer.
In the File menu, select Add/Remove Snap-in.
Under Available snap-ins, click Certificates, and then click Add.
Under This snap-in will always manage certificates for, click Computer account, and then click Next.
Click Local computer, and click Finish.
If you have no more snap-ins to add to the console, click OK to return to the Console root screen.
In the console tree, double-click Certificates.
Right-click the Trusted Root Certification Authorities store.
Select All Tasks | Import to import the certificates and follow the steps in the Certificate Import Wizard.
Thanks for your feedback!