10

I want to use java key store to save keys and certificates. can anybody share some code to help me with this?

Brad Fox
  • 685
  • 6
  • 19
bhavesh1988
  • 151
  • 1
  • 1
  • 8

2 Answers2

6

There should be enough example code in the KeyStore Javadocs page to get you started:

As for the 'default' keystore - I'm not sure such a thing exists, normally you either load it explicitly from a file, or you can configure it using the following system properties:

  • javax.net.ssl.keyStore - Keystore location
  • javax.net.ssl.keyStorePassword - Keystore password
  • javax.net.ssl.keyStoreType - Keystore type (JKS, P12 etc)

And similar for the trust store:

  • javax.net.ssl.trustStore
  • javax.net.ssl.trustStorePassword
  • javax.net.ssl.trustStoreType
jocassid
  • 4,429
  • 1
  • 13
  • 6
Chris White
  • 29,949
  • 4
  • 71
  • 93
  • 2
    So is the only way to get hold of the JVM default keystore (ie. the one specified using javax.net.ssl.keyStore etc.) to read those system properties yourself and construct one or can you programatically get hold of it without that extra work? – mjaggard Sep 12 '18 at 10:12
  • 1
    To my knowledge yes – Chris White Sep 12 '18 at 13:41
  • As mentioned by Bruno in the answer below, in JSSE Reference Guide, there's no default Keystore (or as some people call it Identity Store) for Java. There's a default truststore though: jssecacers, if it exists. Otherwise cacerts in ..jre/lib/security/ – Brut3e Jun 04 '20 at 17:51
5

There is no default keystore in Java. This is documented in the customization section of the JSSE Reference Guide.

The default trust store is:

jssecacerts, if it exists. Otherwise, cacerts

However, it doesn't mean that these are the stores used by the default SSLContext, since it's also possible to change the default SSLContext (since Java 6) with one that would have been initialised with custom trust managers. (See this answer for more details).

Community
  • 1
  • 1
Bruno
  • 119,590
  • 31
  • 270
  • 376
  • Downvoters should try to understand the difference between keystore and truststore first, and read the table in the official documentation (first link). – Bruno May 04 '15 at 13:52
  • Can you configure the keystore properties using `javax.net.ssl.keyStore`? Will that be used by the default `SSLContext`? Asking for https://stackoverflow.com/questions/63719397/should-i-always-load-keystore-explicitely-in-my-webclient-for-authorized-service. – gagarwa Sep 09 '20 at 16:59