37
8
Which trusted root certificates are included in Java, specifically Sun Java and IBM Java? How can I get the list myself? Does Java on Windows use certificates from operating system?
Peter Štibraný
Posted 2009-10-14T20:21:26.947
Reputation: 1 281
36
Go to the "Java Control Panel", "Secure" tab and click on "Certificates". Go to "System" tab and select "Secure CA" or "Secure Sites CA" from the drop down.
IIRC, the certificates are stored in a Java serialised file in jre/lib/security/cacerts. This is a standard Java keystore that can be manipulated with the keytool utility:
keytool -keystore "$JAVA_HOME\jre\lib\security\cacerts" -storepass changeit -list
I believe Mac OS X now uses the OS to handle certificates.
Tom Hawtin - tackline
Posted 2009-10-14T20:21:26.947
Reputation: 653
7
Although the Oracle JRE (formerly the Sun JRE) comes with a range of certificates as Tom mentioned, on Windows the JRE will also use certificates associated with the current browser by default for applets and Web Start apps (as long as you're using "Internet Explorer 5.0 or higher or Mozilla 1.4 or higher").
It should "just work" if you want to do signature signing verification, HTTPS server authentication or HTTPS client authentication (e.g. signing Web Start applications with a corporate certificate that has already been installed on your machine). For more complicated use cases you might find this document more helpful.
rxg
Posted 2009-10-14T20:21:26.947
Reputation: 171
Does this has anything to do with the system's own root certs? (E.g. Windows'
certmgr.msc.) – Pacerier – 2015-11-06T09:46:14.9904@Pacerier No, Java maintains its own list of trusted CAs. – Hexaholic – 2015-12-14T15:49:31.210