[tls] On 8059818 Keytool does not recognize jssecacerts for -trustcacerts command line option
Wang Weijun
weijun.wang at oracle.com
Wed Oct 8 08:57:41 UTC 2014
On Oct 8, 2014, at 16:01, Xuelei Fan <xuelei.fan at oracle.com> wrote:
> It looks strange to me now that this keytool command cannot specify the
> customized trusted anchor sources. Normally, the key store of the trust
> anchor should be customizable so that users can use the trust anchor
> other than the cacerts key store. For example, in JSSE, application is
> able to use key store other than cacerts as the trust store; in PKIX
> certification path building and validation, application is also able to
> specify the trust store.
It will be ugly if we add too many options for keytool. I'll think about creating some new system properties.
--Max
More information about the security-dev
mailing list