I have a cacerts file in location ( /usr/java/jdk1.6.0_29/jre/lib/security/cacerts), and so my java application is looking for a keystore file in that location.
However, given that my java version is very old and that the cacerts file is only updated by CA root certificates when updating the JRE, which is quite rare (depending on the priorities of dev), I understand that my Java application will be there if some external third-party contributes new third-party certificates that are not present in my cacerts file.
So, having examined several options, I found that I need to use the -Djavax.net.ssl.trustStore property and set its value to the location of my cacerts file outside the JRE. So that the application searches for the cacerts file outside of the JRE and then references my default cacerts file.
So my question is why do this? What is the advantage of keeping it outside the JRE (to make it independent of the JRE?)
As it becomes independent of the JRE, it will not look for new third-party root certificates and therefore my JAVA application will not be affected?
Or it should do something with the javax.net.ssl.trustStore property.
I already mentioned this one .
But can someone please make me understand this, because I do not see a clear picture of this.
source
share