What format is java's cacerts format expected to be?

On any normal Oracle Java installation, cacerts should be a proprietary, binary, JKS key store type. If you have something different you may have a different JRE or the cacerts file is replaced.

You can manage the contents of cacerts using the keytool command delivered with the JDK.

I've checked this against 1.8.0_20; to be sure you may use file cacerts on Ubuntu.

Beware that the keystore used for client authentication usually is a PKCS#12 key store, so maybe you are confusing the two.


Perhaps this might help others with similar searches: I was trying to find the default list of trusted certificate authorities for the Java Runtime Environment because we wanted to install an SSL certificate into Tomcat. Had to finally remove oracle site from google searches and found this method to parse the binary file for the list. Good luck finding it at Oracle.com!

http://www.herongyang.com/PKI/HTTPS-Java-Default-Trusted-KeyStore-File-cacerts.html

<java jre directory>\bin\keytool -list -keystore cacerts -storepass changeit

Or you could do it the easy way by clicking the "system" tab when checking the java control panel - security - certificates

Tags:

Java

Ssl

Pki