[tls] On 8059818 Keytool does not recognize jssecacerts for -trustcacerts command line option

Wang Weijun weijun.wang at oracle.com
Wed Oct 8 08:57:41 UTC 2014


On Oct 8, 2014, at 16:01, Xuelei Fan <xuelei.fan at oracle.com> wrote:

> It looks strange to me now that this keytool command cannot specify the
> customized trusted anchor sources.  Normally, the key store of the trust
> anchor should be customizable so that users can use the trust anchor
> other than the cacerts key store.  For example, in JSSE, application is
> able to use key store other than cacerts as the trust store; in PKIX
> certification path building and validation, application is also able to
> specify the trust store.

It will be ugly if we add too many options for keytool. I'll think about creating some new system properties.

--Max



More information about the security-dev mailing list