che paskat wrote:How can I check to see that my root CA in my Java truststore has not expired?
I know how to access and list all installed certificates in my keystore via the keytool -list -v -keystore /Library/Java/JavaVirtualMachines/jdk1.7.0_51.jdk/Contents/Home/jre/lib/security/cacerts command but I'm not sure how to do this so I can list the certs for my truststore?
Thanks!
Note that cacerts.jks is your truststore and identifies what web sites you trust. keystore.jks is your keystore and identifies your site to all others.
Your command above is using the -keystore flag on cacerts which is incorrect.
Normally, you will have three or more certs that must be imported to your truststore for each site you want to access. You need the root cert, one or more mid-level certs, and the leaf-level ceret from FedEx. If your only importing the FedEx cert, then you likely may be missing the mid or root level certs or they are expired.
If keytool is not meeting your needs, you might like to try ikeyman.
Free download.
Have you set the password in your JRE so your JRE can access the truststore ?