I'm looking to write something that can enumerate and use (to sign) certificates in CurrentUser/My and LocalMachine/My, but I haven't been able to find anything for the Windows cert store, only Java's own secret store. This link looks promising, but I can only use what ships with Java.
I found this question asked on SO before, but it's from five years ago, which is a long time in computer years. Thanks!
Java stores the trusted certificates in a special file named cacerts that lives inside our Java installation folder. The default password for this KeyStore is “changeit”, but it could be different if it was previously changed in our system.
Java's list of trusted certificates is stored in its default truststore. This file is usually called cacerts.
The cacerts file represents a system-wide keystore with CA certificates. System administrators can configure and manage that file using keytool, specifying jks as the keystore type. The cacerts keystore file ships with several root CA certificates. The initial password of the cacerts keystore file is changeit.
Start Java with -Djavax.net.ssl.trustStoreType=WINDOWS-ROOT.
See https://www.oracle.com/technical-resources/articles/javase/security.html for more information.
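An added example, not code from any of the posts on this page: on Windows the JDK bundles the SunMSCAPI provider, and besides the Windows-ROOT type used above it offers a Windows-MY keystore type for the CurrentUser personal store, so enumeration and signing need nothing beyond what ships with Java. The class name, the optional alias argument and the sample message are this example's own, and the Windows-MY-LOCALMACHINE type is assumed to require JDK 19 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collections;

public class WindowsStoreSigner {
    // Usage: java WindowsStoreSigner [alias-to-sign-with]  (argument is this example's own)
    public static void main(String[] args) throws Exception {
        String signAlias = args.length > 0 ? args[0] : null;
        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        // Windows-MY = CurrentUser\My. The LOCALMACHINE type is assumed to need JDK 19+.
        for (String type : new String[] {"Windows-MY", "Windows-MY-LOCALMACHINE"}) {
            KeyStore ks;
            try {
                ks = KeyStore.getInstance(type);
            } catch (KeyStoreException e) {
                System.out.println(type + ": keystore type not available in this JDK");
                continue;
            }
            ks.load(null, null); // no file or password: Windows enforces access to the store
            for (String alias : Collections.list(ks.aliases())) {
                if (!(ks.getCertificate(alias) instanceof X509Certificate)) continue;
                X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
                System.out.printf("%s | %s | %s | private key: %b%n", type, alias,
                        cert.getSubjectX500Principal().getName(), ks.isKeyEntry(alias));
                if (!alias.equals(signAlias) || !ks.isKeyEntry(alias)) continue;
                // The key object is a handle; the private key material stays inside Windows.
                PrivateKey key = (PrivateKey) ks.getKey(alias, null);
                String alg = "EC".equals(key.getAlgorithm()) ? "SHA256withECDSA" : "SHA256withRSA";
                Signature signer = Signature.getInstance(alg);
                signer.initSign(key);
                signer.update(message);
                byte[] sig = signer.sign();
                // Check the result against the certificate's public key before relying on it.
                Signature verifier = Signature.getInstance(alg);
                verifier.initVerify(cert.getPublicKey());
                verifier.update(message);
                System.out.println("  " + alg + " verifies: " + verifier.verify(sig)
                        + " sig=" + Base64.getEncoder().encodeToString(sig));
            }
        }
    }
}
```

Run without an argument it only lists entries; signing happens only for the alias you name, which avoids triggering smart-card or key-protection prompts for every key in the store.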
The cross-platform nature of Java has its own downsides -- you cannot access some (or many) OS-specific things without external libraries. The Windows certificate store is accessible only via CryptoAPI native functions, which are not supported by the default Java installation.
You may take a look at this thread: Calling Win32 API method from Java
If you can use JNA, then you can use various Certificate and Certificate Store Functions in crypt32.dll to enumerate certificates and perform signing operations.