0

I am running Java 8 on Windows 10. I have a security subfolder under my JAVA_HOME and can see the cacerts file there. However, I am trying to call a remote service which requires a client certificate. I have the required client certificate as a .jks file but do not know how to put it in place so that Java will pick it up when making the service call.

I have tried copying the .jks file into the same directory as the cacerts but it did not work (restarting the Java VM, of course). I also tried using the keytool to export from the .jks file into a .cer file and then importing the .cer file into cacerts but I hit a permissions issue there.

I have turned on javax debugging (-Djavax.net.debug=ssl,handshake) so I can see what certificates are found.

So, how do I get Java to find my certificates?

user207421
  • 305,947
  • 44
  • 307
  • 483
Tevya
  • 836
  • 1
  • 10
  • 23
  • 1
    In your keystore. There is no default. You can tell Java where it is via `-Djavax.net.ssl.keyStore=`. See the JSSE Reference Guide. – user207421 Feb 07 '20 at 23:25
  • Force the keystore: https://stackoverflow.com/questions/5871279/java-ssl-and-cert-keystore – Marged Feb 07 '20 at 23:27
  • 2
    And to be clear, JRE/lib/security/cacerts is (normally) used for the _truststore_ which is used to check the _server_ cert, not to supply the client cert. Java uses the keystore _format_ (JKS) for both the keystore and truststore _data_, which are different. – dave_thompson_085 Feb 07 '20 at 23:47

0 Answers0