This week's book giveaway is in the Mac OS forum.
We're giving away four copies of a choice of "Take Control of Upgrading to Yosemite" or "Take Control of Automating Your Mac" and have Joe Kissell on-line!
See this thread for details.
The moose likes Security and the fly likes Adding certificates to System Trusted Certificate keystore. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Engineering » Security
Bookmark "Adding certificates to System Trusted Certificate keystore." Watch "Adding certificates to System Trusted Certificate keystore." New topic
Author

Adding certificates to System Trusted Certificate keystore.

Robin John
Ranch Hand

Joined: Sep 10, 2008
Posts: 270

Hi Guys,

Please take some time to read through.

I am using JAVA 5 and OS is Windows XP, IE 6. ( cannot upgrade anything )

Our application is showing us a pop-up "The web site's certificate cannot be verified. Do you want to continue?" showing the option to "Always trust content from this publisher".

When I accept and tick the checkbox and proceed, the pop-up never appears. When I open the Java Control Panel, I can see the public certificate is added to the "USER" tab in "Trusted Certificates" keystore.

Question:

1 - How can I add the certificate using the keytool to the "Trusted Certificates" under "SYSTEM" tab and not the "USER" tab, so that any user who logs on to the system should not see the pop-up. ( how can I simulate the user accepting the certificate but adding that to the SYSTEM tab)

2 - I had used the following command line

jre1.5.0_17\bin>keytool -import -alias my.alias -keystore "C:\Program Files\Java\jre1.5.0_17\lib\security\cacerts" -file "C:\KEYS\MyCer.cer" -storepass changeit

Using this command line, the certificate gets added to the Signer CA keystore under the CACERTS and I don't get a pop-up anymore, but I wanted to know if this is a secured and correct way of doing that or am I bypassing the issue or violating any security policies ?

Please respond, I need help. Thanks in Advance Guys.



Time is what we want the most, but what we use the worst. -- William Penn
 
GeeCON Prague 2014
 
subject: Adding certificates to System Trusted Certificate keystore.