This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Security and the fly likes importing a certificate with keytool - effects of Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "importing a certificate with keytool - effects of "trust this certificate"?" Watch "importing a certificate with keytool - effects of "trust this certificate"?" New topic
Author

importing a certificate with keytool - effects of "trust this certificate"?

Sol Mayer-Orn
Ranch Hand

Joined: Nov 13, 2002
Posts: 311
Hi,

When using keytool to import a certificate, it prompts with the question "trust this certificate".

Now, I *am* aware of the notions of certificate authorities, certificate chains, etc...
But I was wondering what's the exact technical implication of "trust this certificate" -

A) would the certificate go into the global trust store ( jre/lib/cacerts ) ?

B) Or will it only be trusted within the keystore to which it was imported (so that it can be used to sign other certificates, then import them into the same keystore) ?


Thanks
Raj Srivastava
Greenhorn

Joined: May 13, 2006
Posts: 3
keytool -import -file aCertifacte.cer -trustcacerts -alias a1 -keystore D:\WebSphere5\AppServer\java\jre\lib\security/cacerts

Is the command where aCertificate.cer is the certificate file you want to import. It will be added in cacerts.

Also, you would want to add it in a cacerts of where the JRE is located and which JRE you want to use... in non-websphere world, it will be under java.1.4.2_06/...jre/lib/sercurity
Raj Srivastava
Greenhorn

Joined: May 13, 2006
Posts: 3
It will go in cacerts which has been defined with "-keystore" param. There is no concept of global "keystore". You may have 10 different copy's of JRE on ur machine.
Whichever jre you want to use, import certificate there.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: importing a certificate with keytool - effects of "trust this certificate"?
 
Similar Threads
Importing certificate into keystore.
Importing Certificate into JAVA Keystore
Public keys in reply and keystore don't match
SOAP over HTTPS / SSL
keytool - import CA reply certificate error