• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Tim Cooke
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Knute Snortum
  • paul wheaton
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Ron McLeod
  • Piet Souris
  • Ganesh Patekar
Bartenders:
  • Tim Holloway
  • Carey Brown
  • salvin francis

importing a certificate with keytool - effects of "trust this certificate"?

 
Ranch Hand
Posts: 311
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

When using keytool to import a certificate, it prompts with the question "trust this certificate".

Now, I *am* aware of the notions of certificate authorities, certificate chains, etc...
But I was wondering what's the exact technical implication of "trust this certificate" -

A) would the certificate go into the global trust store ( jre/lib/cacerts ) ?

B) Or will it only be trusted within the keystore to which it was imported (so that it can be used to sign other certificates, then import them into the same keystore) ?


Thanks
 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
keytool -import -file aCertifacte.cer -trustcacerts -alias a1 -keystore D:\WebSphere5\AppServer\java\jre\lib\security/cacerts

Is the command where aCertificate.cer is the certificate file you want to import. It will be added in cacerts.

Also, you would want to add it in a cacerts of where the JRE is located and which JRE you want to use... in non-websphere world, it will be under java.1.4.2_06/...jre/lib/sercurity
 
Raj Srivastava
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It will go in cacerts which has been defined with "-keystore" param. There is no concept of global "keystore". You may have 10 different copy's of JRE on ur machine.
Whichever jre you want to use, import certificate there.
 
If you open the box, you will find Heisenberg strangling Shrodenger's cat. And waving this tiny ad:
professionally read, modify and write PDF files from Java
https://products.aspose.com/pdf/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!