Tuesday, September 4, 2007

Finding the root certificate keystore in the JDK

If you look in your JDK installation directory you will find a keystore called "cacerts" in %JDK_ROOT%/jre/lib/security. This keystore contains all the root certificates used when validating regular web pages. This is the one used by default for operations such as opening SSL connections.

Now some tools, <cough> the HTTP Analyser in JDeveloper </cough>, might have a bug that prevents it from using a keystore that doesn't have a password. But it is a easy step to import all of the certificates into a keystore that contains a password.

keytool -importkeystore -srckeystore cacerts -destkeystore /tmp/output.keystore -deststorepass welcome