Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Which is the default location for keystore/truststore of Java applications?

Tags:

java

ssl

keystore

I am writing an application that uses SSL. Hence, I have a dummy keystore and a dummy truststore I want to supply to my customer. Is there any default folder to put them inside my distribution? e.g. docs, lib, bin...etc. Where is usually the keystore put on the server and where is usually truststore put on the client?

Thanks

like image 705
yura Avatar asked Nov 04 '10 14:11

yura

People also ask

Where is the Java truststore located?

Truststore. The truststore is a file that contains the root certificates for Certificate Authorities (CA) that issue certificates such as GoDaddy, Verisign, Network Solutions, and others. The truststore comes bundled with the JDK/JRE and is located in $JAVA_HOME/lib/security/cacerts .

Where is the default Java keystore?

By default, Java has a keystore file located at JAVA_HOME/jre/lib/security/cacerts. We can access this keystore using the default keystore password changeit.

What is keystore and truststore in Java?

Keystores and truststores are repositories that contain cryptographic artifacts like certificates and private keys that are used for cryptographic protocols such as TLS. A keystore contains personal certificates, plus the corresponding private keys that are used to identify the owner of the certificate.

Where is the keystore file location?

The default location is /Users/<username>/. android/debug. keystore.

2 Answers

In Java, according to the JSSE Reference Guide, there is no default for the keystore, the default for the truststore is "jssecacerts, if it exists. Otherwise, cacerts".

A few applications use ~/.keystore as a default keystore, but this is not without problems (mainly because you might not want all the application run by the user to use that trust store).

I'd suggest using application-specific values that you bundle with your application instead, it would tend to be more applicable in general.

like image 177
Bruno Avatar answered Oct 23 '22 11:10

Bruno

Like bruno said, you're better configuring it yourself. Here's how I do it. Start by creating a properties file (/etc/myapp/config.properties).

javax.net.ssl.keyStore = /etc/myapp/keyStore
javax.net.ssl.keyStorePassword = 123456

Then load the properties to your environment from your code. This makes your application configurable.

FileInputStream propFile = new FileInputStream("/etc/myapp/config.properties");
Properties p = new Properties(System.getProperties());
p.load(propFile);
System.setProperties(p);
like image 15
Kristian Benoit Avatar answered Oct 23 '22 10:10

Kristian Benoit
Sign in to Comment

Related questions

Does Maven support incremental builds?
Is there a replacement library for CORBA in JDK 11 [closed]
what is java.io.EOFException, Message: Can not read response from server. Expected to read 4 bytes, read 0 bytes
What determines the number of threads a Java ForkJoinPool creates?
Exception : mockito wanted but not invoked, Actually there were zero interactions with this mock
What is the best way to use JavaDoc to document a Java enum?
Servlet-3 Async Context, how to do asynchronous writes?
Java thread dump: Difference between "waiting to lock" and "parking to wait for"?
Test-Driven Development - How to write a test before none of implementation code exists
Passing whole object vs passing object's property
How to deal with (maybe) null values in a PreparedStatement?
Difference between Resident Set Size (RSS) and Java total committed memory (NMT) for a JVM running in Docker container
Android Work Manager vs Services?
Why not to start a thread in the constructor? How to terminate?
Why does java wait so long to run the garbage collector?
Autowired Environment is null
How does Java resolve a relative path in new File()?
RxJava: difference between doOnNext and doOnEach
How do I create a Java sandbox?
Why doesn't the String class in Java implement Iterable?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!