java SSL and cert keystore

Question

How does my java program know where my keystore containing the certificate is  Or alternatively how do I tell my java program where to look for the keystore   After specifying the keystore in some way  how to specify the certificate to use for authenticating the server to client

User · Answer

you can also mention the path at runtime using -D properties as below

-Djavax.net.ssl.trustStore=/home/user/SSL/my-cacerts 
-Djavax.net.ssl.keyStore=/home/user/SSL/server_keystore.jks

In my apache spark application, I used to provide the path of certs and keystore using --conf option and extraJavaoptions in spark-submit as below

--conf 'spark.driver.extraJavaOptions= 
-Djavax.net.ssl.trustStore=/home/user/SSL/my-cacerts 
-Djavax.net.ssl.keyStore=/home/user/SSL/server_keystore.jks'

User · Answer

System setProperty  javax net ssl trustStore   path to your jks file

User · Answer

SSL properties are set at the JVM level via system properties  Meaning you can either set them when you run the program  java -D      Or you can set them in code by doing System setProperty    The specific keys you have to set are below       javax net ssl keyStore- Location of   the Java keystore file containing an   application process s own certificate   and private key  On Windows  the   specified pathname must use forward   slashes     in place of backslashes       javax net ssl keyStorePassword - Password   to access the private key from the   keystore file specified by   javax net ssl keyStore  This password   is used twice  To unlock the keystore   file  store password   and To decrypt   the private key stored in the keystore    key password        javax net ssl trustStore - Location of   the Java keystore file containing the   collection of CA certificates trusted   by this application process  trust   store   On Windows  the specified   pathname must use forward slashes       in place of backslashes          If a trust store location is not   specified using this property  the   SunJSSE implementation searches for   and uses a keystore file in the   following locations  in order            JAVA HOME lib security jssecacerts    JAVA HOME lib security cacerts         javax net ssl trustStorePassword   -   Password to unlock the keystore file    store password  specified by   javax net ssl trustStore       javax net ssl trustStoreType -  Optional    For Java keystore file format  this   property has the value jks  or JKS     You do not normally specify this   property  because its default value is   already jks       javax net debug - To switch   on logging for the SSL TLS layer  set   this property to ssl

User · Answer

First of all  there re two kinds of keystores   Individual and General  The application will use the one indicated in the startup or the default of the system   It will be a different folder if JRE or JDK is running  or if you check the personal or the  global  one   They are encrypted too  In short  the path will be like    JAVA HOME lib security cacerts for the  general one   who has all the CA for the Authorities and is quite important

User · Answer

Just a word of caution  If you are trying to open an existing JKS keystore in Java 9 onwards  you need to make sure you mention the following properties too with value as  JKS    javax net ssl keyStoreType javax net ssl trustStoreType   The reason being that the default keystore type as prescribed in java security file has been changed to pkcs12 from jks from Java 9 onwards

[java] java SSL and cert keystore

Examples related to java

Examples related to keystore