It's not a secret anymore!
The moose likes Security and the fly likes importing a certificate with keytool - effects of Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "importing a certificate with keytool - effects of "trust this certificate"?" Watch "importing a certificate with keytool - effects of "trust this certificate"?" New topic
Author

importing a certificate with keytool - effects of "trust this certificate"?

Sol Mayer-Orn
Ranch Hand

Joined: Nov 13, 2002
Posts: 311
Hi,

When using keytool to import a certificate, it prompts with the question "trust this certificate".

Now, I *am* aware of the notions of certificate authorities, certificate chains, etc...
But I was wondering what's the exact technical implication of "trust this certificate" -

A) would the certificate go into the global trust store ( jre/lib/cacerts ) ?

B) Or will it only be trusted within the keystore to which it was imported (so that it can be used to sign other certificates, then import them into the same keystore) ?


Thanks
Raj Srivastava
Greenhorn

Joined: May 13, 2006
Posts: 3
keytool -import -file aCertifacte.cer -trustcacerts -alias a1 -keystore D:\WebSphere5\AppServer\java\jre\lib\security/cacerts

Is the command where aCertificate.cer is the certificate file you want to import. It will be added in cacerts.

Also, you would want to add it in a cacerts of where the JRE is located and which JRE you want to use... in non-websphere world, it will be under java.1.4.2_06/...jre/lib/sercurity
Raj Srivastava
Greenhorn

Joined: May 13, 2006
Posts: 3
It will go in cacerts which has been defined with "-keystore" param. There is no concept of global "keystore". You may have 10 different copy's of JRE on ur machine.
Whichever jre you want to use, import certificate there.
 
Have you checked out Aspose?
 
subject: importing a certificate with keytool - effects of "trust this certificate"?
 
It's not a secret anymore!