[tls] On 8059818 Keytool does not recognize jssecacerts for -trustcacerts command line option

Wang Weijun weijun.wang at oracle.com
Wed Oct 8 01:35:09 UTC 2014

Hi, SSL/TLS experts

A bug was recently filed at


The reporter requests for keytool -importcert to pre-trust certs in jre/lib/security/jssecacerts. The command only recognizes jre/lib/security/cacerts now.

It is always possible to import a private CA into a user's keystore (where the client side private key is stored) and then import a cert into there without any prompt. However, if you think testing an extra keystore (like jssecacerts) has its own benefit, I will add the support.


More information about the security-dev mailing list