This week's book giveaway is in the Java in General forum.
We're giving away four copies of 97 Things Every Java Programmer Should Know and have Kevlin Henney & Trisha Gee on-line!
See this thread for details.
Win a copy of 97 Things Every Java Programmer Should Know this week in the Java in General forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Jeanne Boyarsky
  • Junilu Lacar
  • Henry Wong
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Frits Walraven
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • salvin francis
  • fred rosenberger

importing a certificate with keytool - effects of "trust this certificate"?

 
Ranch Hand
Posts: 311
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

When using keytool to import a certificate, it prompts with the question "trust this certificate".

Now, I *am* aware of the notions of certificate authorities, certificate chains, etc...
But I was wondering what's the exact technical implication of "trust this certificate" -

A) would the certificate go into the global trust store ( jre/lib/cacerts ) ?

B) Or will it only be trusted within the keystore to which it was imported (so that it can be used to sign other certificates, then import them into the same keystore) ?


Thanks
 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
keytool -import -file aCertifacte.cer -trustcacerts -alias a1 -keystore D:\WebSphere5\AppServer\java\jre\lib\security/cacerts

Is the command where aCertificate.cer is the certificate file you want to import. It will be added in cacerts.

Also, you would want to add it in a cacerts of where the JRE is located and which JRE you want to use... in non-websphere world, it will be under java.1.4.2_06/...jre/lib/sercurity
 
Raj Srivastava
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It will go in cacerts which has been defined with "-keystore" param. There is no concept of global "keystore". You may have 10 different copy's of JRE on ur machine.
Whichever jre you want to use, import certificate there.
 
Would anybody like some fudge? I made it an hour ago. And it goes well with a tiny ad ...
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
    Bookmark Topic Watch Topic
  • New Topic