• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Liutauras Vilda
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Saloon Keepers:
  • Scott Selikoff
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
  • Frits Walraven
Bartenders:
  • Stephan van Hulst
  • Carey Brown

importing a certificate with keytool - effects of "trust this certificate"?

 
Ranch Hand
Posts: 311
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

When using keytool to import a certificate, it prompts with the question "trust this certificate".

Now, I *am* aware of the notions of certificate authorities, certificate chains, etc...
But I was wondering what's the exact technical implication of "trust this certificate" -

A) would the certificate go into the global trust store ( jre/lib/cacerts ) ?

B) Or will it only be trusted within the keystore to which it was imported (so that it can be used to sign other certificates, then import them into the same keystore) ?


Thanks
 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
keytool -import -file aCertifacte.cer -trustcacerts -alias a1 -keystore D:\WebSphere5\AppServer\java\jre\lib\security/cacerts

Is the command where aCertificate.cer is the certificate file you want to import. It will be added in cacerts.

Also, you would want to add it in a cacerts of where the JRE is located and which JRE you want to use... in non-websphere world, it will be under java.1.4.2_06/...jre/lib/sercurity
 
Raj Srivastava
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It will go in cacerts which has been defined with "-keystore" param. There is no concept of global "keystore". You may have 10 different copy's of JRE on ur machine.
Whichever jre you want to use, import certificate there.
 
Nothing up my sleeve ... and ... presto! A tiny ad:
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic