Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

importing a certificate with keytool - effects of "trust this certificate"?

 
Sol Mayer-Orn
Ranch Hand
Posts: 311
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

When using keytool to import a certificate, it prompts with the question "trust this certificate".

Now, I *am* aware of the notions of certificate authorities, certificate chains, etc...
But I was wondering what's the exact technical implication of "trust this certificate" -

A) would the certificate go into the global trust store ( jre/lib/cacerts ) ?

B) Or will it only be trusted within the keystore to which it was imported (so that it can be used to sign other certificates, then import them into the same keystore) ?


Thanks
 
Raj Srivastava
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
keytool -import -file aCertifacte.cer -trustcacerts -alias a1 -keystore D:\WebSphere5\AppServer\java\jre\lib\security/cacerts

Is the command where aCertificate.cer is the certificate file you want to import. It will be added in cacerts.

Also, you would want to add it in a cacerts of where the JRE is located and which JRE you want to use... in non-websphere world, it will be under java.1.4.2_06/...jre/lib/sercurity
 
Raj Srivastava
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It will go in cacerts which has been defined with "-keystore" param. There is no concept of global "keystore". You may have 10 different copy's of JRE on ur machine.
Whichever jre you want to use, import certificate there.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic