0

How can I validate a public certificate (one I have in file) against JVM trustStore without providing explicit link to ceacert file?

It's done e.g. by javax.net.ssl.SSLSocketFactory (SSLPoke.java example here: https://gist.github.com/4ndrej/4547029)

Edited: I've changed original question after understanding better the problem and difference between trustStore and keyStore

pzk
  • 1
  • 1
  • 4
  • 1
    The `cacerts` file *is* the default certificates file. Your citation doesn't say otherwise. It says there is no default *keystore.* Not the same thing. JSSE doesn't validate keys, it validates certificates. Your question really is not clear. – user207421 May 04 '15 at 13:03
  • 1
    There is no default file for the _keystore_, there _is_ a default file for the _truststore_. If you _need_ to use the keystore, you must create your file and import your certificate into it. There is a ton of links to show you how to create your own keystore [one](https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores) [two](http://www.javacodegeeks.com/2014/07/java-keystore-tutorial.html), [three](https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html)... – superbob May 04 '15 at 13:21
  • You should read about the difference between keystore and truststore. See [this question](http://stackoverflow.com/q/6340918/372643) and [this one](http://stackoverflow.com/q/318441/372643), for example. In what context are you trying to verify your certificate? Are you making a connection to your server? – Bruno May 04 '15 at 13:54
  • Thanks for replies, especially for links from Bruno. I think the question should be: How can I validate a public certificate (one I have in file) against JVM trustStore without providing explicit link to **ceacert** file? – pzk May 04 '15 at 14:42
  • I believe here is answer for my question: http://stackoverflow.com/a/6379434/4862240 Again thanks to @Bruno – pzk May 04 '15 at 15:05

0 Answers0