1

Can I safely re-use a java keystore file (jre/lib/security/cacerts) between any 'minor releases' and across all vendor-implementations (e.g: oracle/ibm/openjdk)?

I.e. :Will a 'cacerts file' for Oracle Java 1.8.x work with an IBM Java 1.8.y?

What about across releases, will the format always change between major java releases?

Do any exceptions exist (i.e. 'cacerts' format did not change between Java 1.x and 1.y, but changed in 1.z)

Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
user331465
  • 2,984
  • 13
  • 47
  • 77
  • The Sun//Oracle KeyStore format has never changed. I'm still using one from 1997. However IBM use a different format I believe, and so can any vendor. – user207421 Sep 08 '16 at 02:01

1 Answers1

0

The cacerts formats are similar between Oracle and IBM JDK. However the content is not same. Each JDK implementation acquire the certificates from the vendors separately and there can be legal implications using the cacerts between vendors. Also, the certificate exist with one implementation need not exist with another one.

The cacerts are updated even between minor versions and hence it is recommended to use the cacerts released with the JDK build.

Nasser Ebrahim
  • 21
  • 2