I have a java server that is trying to connect to an external Ldap server through SSL (as a client in order to perform queries).
I’m having trouble connecting since the certificate they send me upon connecting is trusted only in my local windows Truststore but is not present in java truststore (cacerts).
Is there a way to tell Java to trust any certificate that windows would have trust?
Or, alternatively, is there a way to import all trusted certificates from windows truststore to Java’s cacerts?
Any idea would be appreciated.
Advertisement
Answer
Is there a way to tell Java to trust any certificate that windows would have trust?
Please check @synoly’s answer
The JVM default is located at jre/lib/security/cacerts. You can set also your own truststore:
System.setProperty ("javax.net.ssl.trustStore", path_to_your_trustore_jks_file);
System.setProperty ("javax.net.ssl.trustStorePassword", "password");
is there a way to import all trusted certificates from windows truststore to Java’s cacerts?
There is no any automatic process, but you could build a program to extract trusted authorities from windows certificate store and import into a truststore configured to use in your application (modifying cacerts is not recommended)
//Read Windows truststore
KeyStore ks = KeyStore.getInstance("Windows-ROOT");
ks.load(null, null) ;