How To Set Djavax Net Ssl Truststore

The keytool control in Coffee is a tool for managing certificates into keyStore and trustStore which is used to store certificates and requires during the SSL handshake process. By using thekeytool command you lot tin do many things but some of the almost common operations are viewing certificates stored in the keystore, importing new certificates into the keyStore, delete whatever document from the keystore, etc. For those who are not familiar keyStore, trustStore, and SSL Setup for Java application Hither is a cursory overview of What is a trustStore and keyStore in Java.

Both trustStore and keyStrore is used to store certificate signed by signer authorization or CA (Certificate authority), with keyStore additionally storing personal certificate for the customer which is used during customer authentication on SSL handshake procedure if information technology's enabled.

In this article we volition see some basic examples of keytool command in Coffee to observe how many certificates nosotros have in keyStore, viewing those certificates, adding new certificates, and deleting one-time certificates from keyStore or trustStore in Coffee.

How to apply keytool command in Coffee

Post-obit are some most common or often used instance of keytool command which comes when you installed JDK. but type keytool command in your control prompt and it volition show a lot of command-line options if your PATH is set up correctly for Java.

If Path is not set properly it will mutter that not able to discover the keytool command. Don't worry y'all just demand to add together the JAVA_HOME/bin directory in your path to become the keytool command working.

keytool control to find how many certificates are in keyStore:

This is the first example of the keytool command which will show y'all how many certificates are stored in trustStore or keyStore file :

exam@nykdev32:/cygdrive/c/Program Files/Java/jdk1.6.0_26/jre/lib/security keytool  -list -keystore jssecacerts Enter keystore            password:  changeit  Keystore            blazon: JKS Keystore            provider: SUN  Your keystore contains            81            entries  digicertassuredidrootca,            07/01/2008, trustedCertEntry, Document fingerprint (MD5):            87:CE:0            B:vii            B:2            A:0            Eastward:49:00:E1:58:71:nine            B:37:A8:93:72            trustcenterclass2caii,            07/01/2008, trustedCertEntry,

above keytool command shows that default keystore jssecacerts , which comes along with JRE and present in JAVA_HOME directory on path JAVA_HOME/JRE/lib/security , has 81 certificates in it and keyStore type is JKS which stands for Java Fundamental Shop. One of those certificates are from DigiCert

keytool command examples in Java

keytool command to view certificate details from keyStore :

Now if you lot desire to see details of certificates e.thousand. Common proper noun (CN) and other attributes you can use the post-obit keytool command to view details of certificates stored in keyStore in Java :

exam@nykdev32:/cygdrive/c/Program Files/Coffee/jdk1.6.0_26/jre/lib/security keytool  -listing -v -keystore jssecacerts Enter keystore            password:  changeit  Keystore            type: JKS Keystore            provider: Sunday  Your keystore contains            81            entries  Allonym            name: digicertassuredidrootca Cosmos            date:            07/01/2008            Entry            type: trustedCertEntry            Owner: CN=DigiCert Assured ID Root CA, OU=world wide web.digicert.com, O=DigiCert Inc, C=US            Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=Usa Serial            number: ce7e0e517d846fe8fe560fc1bf03039 Valid            from: Thu November            09            20:00:00            VET            2006            until: Sun Nov            09            nineteen:30:00            VET            2031            Certificate            fingerprints:            MD5:            87:CE:0            B:7            B:2            A:0            E:49:00:E1:58:71:nine            B:37:A8:93:72            SHA1:            05:63:B8:63:0            D:62:D7:5            A:BB:C8:AB:i            E:4            B:DF:B5:A8:99:B2:4            D:43            Signature algorithm            name: SHA1withRSA            Version:            3

keytool command for adding a document in keystore and trustStore :

Now if you want to import whatever document into this keystore you tin use the following keytool command :

            $ keytool            -import            -allonym            adding_certificate_keystore                        -file            self.cer            -keystore jssecacerts

this volition print certificate details and prompt you to accept the certificate, one time y'all confirm that past typing Yes, the document will exist added into your keyStore. For verification purposes, you can re-run the previous keytool control to become a total number of certificates in the keystore. For example, if we run the following keytool control, it should print 82 certificates in keyStore :

examination@nykdev32:/cygdrive/c/Program Files/Java/jdk1.6.0_26/jre/lib/security keytool  -list -keystore jssecacerts Enter keystore            countersign:  changeit  Keystore            type: JKS Keystore            provider: SUN  Your keystore contains            82            entries

Another useful keytool command option is -printcert which prints details of a certificate stored in the .cer file :

$ keytool -printcert -file            examination.cer

That's all on some basic keytool command examples for viewing and adding certificates into keystore and trustStore in Coffee. I still adopt a GUI tool for creating keystore and managing certificates just keytool is a good alternative because information technology comes along with JDK installation and available in well-nigh places.

Coffee Tutorials from java67 web log