Trusted root certificates
Trusted certificates establish a chain of trust that verifies other certificates signed by the trusted roots — for example, to establish a secure connection to a web server.
IntelliJ IDEA gets the list of trusted root certificates from the system trust store and its storage is customizable from IntelliJ IDEA settings.
If the enterprise environment in which you are working uses custom certificates, IntelliJ IDEA trusts such certificates by default. No additional configuration is required.
Upon the certificate checking, IntelliJ IDEA also checks the system trust stores for Windows, macOS, and Linux.
How it works under the hood
Under Linux, all certificates in .crt
(PEM) format from the following locations are imported:
/etc/ssl/certs/*
/etc/pki/tls/certs/*
/system/etc/security/cacerts/*
/etc/ssl/certs/ca-certificates.crt
/etc/pki/tls/certs/ca-bundle.crt
/etc/ssl/ca-bundle.pem
/etc/pki/tls/cacert.pem
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
/etc/ssl/cert.pem
For more information, refer to the JetBrains Linux Trusted Certificates library.
Under macOS X, the code calls system functions to get system-wide and user-specific custom trusted certificates.
For more information, refer to the JetBrains macOS Trusted Certificates library.
Under Windows, the code calls system functions to get system-wide, user-specific, or group-policy distributed trusted certificates.
For more information, refer to the JetBrains Windows Trusted Certificates library.
Logs and diagnostics
In case you've encountered a problem with certificates, you can quickly troubleshoot it by enabling the following debug categories:
org.jetbrains.nativecerts
#com.intellij.util.net.ssl
Collect additional logs in IntelliJ IDEA
In the main menu, go to
.In the dialog that opens, add the debug categories and click OK to save the changes.
Reproduce the issue.
Go to
to collect logs.Send the logs to our support along with the problem detailed description and a scenario to reproduce it.
Locate the IDE log files
Go to Show logs in Explorer.
. This menu item depends on the OS you are using. For example, for Windows, it would beThe log file is named idea.log and is rotated based on the file size. When attaching logs to your problem report, it's recommended that you archive (.zip) and send several latest log files (
idea.log
,idea.log.1
,idea.log.2
,idea.log.3
).You can also use the Collect Logs and Diagnostic Data option to generate the .zip file with all the log files (including the build logs and the automatic thread dumps).
Certificates manual installation
If you use a proxy server that decrypts all TLS traffic like mitmproxy
or fiddler
, you may import its self-signed certificate to the system so all applications on the local machine will trust it (including IntelliJ IDEA). However, this is potentially insecure since you can impersonate any Website with a private key from that certificate.
After you've generated the certificate, use one of the following procedures to add it to the trust store:
Install root certificate
Generate the certificate in the
.crt
(PEM) format.Add the certificate to the one of the listed directories.
For example, you can use
/etc/ssl/certs/
or/etc/pki/tls/certs/
.
Install root certificate
Open up Keychain Access by searching it on Spotlight (click the Magnifying glass located in the upper right corner).
Select
and navigate to the downloaded file.In the Destination Keychain field, select System and click Open.
Right-click the certificate in Keychain Access and select Get Info.
Expand the Trust section and under When using this certificate, select Always Trust.
Install root certificate
Click Start, click Start Search, type mmc, and then press Enter.
Click Yes if you get the UAC screen and prompted about changes to your computer.
In the File menu, select Add/Remove Snap-in.
Under Available snap-ins, click Certificates, and then click Add.
Under This snap-in will always manage certificates for, click Computer account, and then click Next.
Click Local computer, and click Finish.
If you have no more snap-ins to add to the console, click OK to return to the Console root screen.
In the console tree, double-click Certificates.
Right-click the Trusted Root Certification Authorities store.
Select Certificate Import Wizard.
to import the certificates and follow the steps in the