
Is there a way in Java to specify two different keystores when I launch it?

I would like to have:

```
java -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStore=my-cert.p12 -Djavax.net.ssl.keyStorePassword=password MyApp
```

That uses my .p12 and the normal Java cacerts.

Thanks!

rascio
  • There is a way, more info [here](http://stackoverflow.com/questions/35125154/recursively-change-system-property-at-runtime-in-java/35298019#35298019). – always_a_rookie Mar 02 '16 at 17:21
  • Use [the code in that link](http://stackoverflow.com/questions/35125154/recursively-change-system-property-at-runtime-in-java/35298019#35298019) to define *two* trust managers and initialize the SSLContext with both of them. – user207421 Mar 03 '16 at 09:05
  • @erickson - Please forgive my ignorance. I specifically visited this question because I was interested in learning about multiple keystores. It's not clear to me how *"Using Two Java Keystores"* is a duplicate of *"Accept Self Signed Certificate"*. Could you please explain it to folks? (I also checked history, and it's the same question asked at Revision 0). – jww Nov 02 '16 at 23:58
  • @jww The accepted answer of the duplicate question illustrates how to specify key stores for each connection. Maybe I should edit the title of the original question, but if you read it and the answer, you will see they have the same aim. – erickson Nov 03 '16 at 03:22
  • To me they seem different... I was asking for a solution using Java parameters, not using code. – rascio Nov 03 '16 at 13:36
  • @rascio Okay, maybe I misunderstood your question. Do you want to specify one key store to authenticate your client to a server, and a separate one with CA certificates, to authenticate the server? Or do you want to use the built-in CA certificates, and add some additional CA certificates? – erickson Nov 04 '16 at 16:40
  • I had (I don't remember all the details now) a .p12 file that was a store of certificates, and I would like to tell the JVM to use the standard one (the cacerts file) and this additional one, but without the need to write code in the application. – rascio Nov 05 '16 at 13:01
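
The approach named in the comments (two trust managers behind one SSLContext), as an added example that is not part of the original thread: `SSLContext.init` uses only the first `X509TrustManager` in the array it receives, so the default store and the .p12 are wrapped in one delegating manager. The class and method names are illustrative assumptions; the file name and password are the ones from the question.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.stream.Stream;
import javax.net.ssl.*;

public class TwoTrustStores {
    // null selects the JVM default trust store (cacerts unless javax.net.ssl.trustStore overrides it).
    static X509TrustManager trustManagerFor(KeyStore store) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Accept a chain if either delegate validates it; each delegate still does full path validation.
    static X509TrustManager either(X509TrustManager first, X509TrustManager second) {
        return new X509TrustManager() {
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                try { first.checkServerTrusted(chain, authType); }
                catch (CertificateException e) { second.checkServerTrusted(chain, authType); }
            }
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                try { first.checkClientTrusted(chain, authType); }
                catch (CertificateException e) { second.checkClientTrusted(chain, authType); }
            }
            @Override public X509Certificate[] getAcceptedIssuers() {
                return Stream.concat(Stream.of(first.getAcceptedIssuers()), Stream.of(second.getAcceptedIssuers()))
                        .toArray(X509Certificate[]::new);
            }
        };
    }

    public static void main(String[] args) throws Exception {
        // File name and password taken from the question; adjust to the real store.
        KeyStore extra = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream("my-cert.p12")) {
            extra.load(in, "password".toCharArray());
        }
        X509TrustManager combined = either(trustManagerFor(null), trustManagerFor(extra));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { combined }, null);
        SSLContext.setDefault(ctx); // later default-context connections trust both stores
    }
}
```

The `javax.net.ssl.keyStore*` properties in the question select the store holding the client's own key and certificate; trusted CA certificates come from the trust store, which the `javax.net.ssl.trustStore` property can point at only one file.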

0 Answers