Tuesday, September 4, 2007

Finding the root certificate keystore in the JDK

If you look in your JDK installation directory you will find a keystore called "cacerts" in %JDK_ROOT%/jre/lib/security. This keystore contains all the root certificates used when validating regular web pages. This is the one used by default for operations such as opening SSL connections.

Now some tools, <cough> the HTTP Analyser in JDeveloper </cough>, might have a bug that prevents it from using a keystore that doesn't have a password. But it is a easy step to import all of the certificates into a keystore that contains a password.

keytool -importkeystore -srckeystore cacerts -destkeystore /tmp/output.keystore -deststorepass welcome

1 comment:

Willi said...

Hi Gerard,

seems something is missing at the bottom, option -keypass i assume.
Can you complete the solution?

Cheers
Willi
(you can find me in aria "willi qu")