From: steven acer on
Hi all,

When verifying a digital signature, does Java check the MS Windows
trusted root certificate authorities store?
If so, which has the highest priority, the cacerts file or the OS
store? If the CA was listed in the Windows store but not in the
cacerts file, would Java still trust it?

I've been scouring all over the internet but I couldn't find any
document on the subject.
From: steven acer on
On Nov 5, 12:42 am, Lothar Kimmeringer <news200...(a)kimmeringer.de>
wrote:
> steven acer wrote:
> > when verifying a digital signature, does java check the MS windows
> > trusted root certificate authorities store?
>
> Not that I'm aware of.
>
> > i've been scouring all over on the internet but i couldn't find any
> > document on the subject.
>
> Me either, but new root certificates always lead to a new update
> of the Java Virtual Machine, so if there would be such a feature
> this wouldn't be necessary.
>
> Regards, Lothar
> --
> Lothar Kimmeringer                E-Mail: spamf...(a)kimmeringer.de
>                PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81)
>
> Always remember: The answer is forty-two, there can only be wrong
>                  questions!

Too bad. My company is trying to install its own CA server so that we
can issue certificates to all our employees to use in our in-house
Java application.
Now this would mean we have to manually add the company's certificate
to the cacerts file on each client machine, since the changes in the
Windows certificate store would be irrelevant for Java and would go
unnoticed by it.
Maybe this would convince them to authenticate with a certificate
authority.
From: steven acer on
On Nov 5, 1:43 pm, Lothar Kimmeringer <news200...(a)kimmeringer.de>
wrote:
> steven acer wrote:
> > too bad. my company is trying to install its own CA server so that we
> > can issue certificates to all our employees to use them in our in
> > house java application.
> > Now this would mean we have to manually add the company's certificate
> > to the cacerts file on each client machine since the changes in the
> > Windows certificate store would be irrelevant for java and would go
> > unnoticed by it.
>
> What do you want to use the certificate for? If it's for SSL
> and other similar stuff, you can solve that by using your own
> TrustManager within your in house application.
>
> Regards, Lothar

We will use them for electronic signature.
From: steven acer on
On Nov 6, 1:54 pm, Lothar Kimmeringer <news200...(a)kimmeringer.de>
wrote:
> steven acer wrote:
> > On Nov 5, 1:43 pm, Lothar Kimmeringer <news200...(a)kimmeringer.de>
> > wrote:
>
> >> What do you want to use the certificate for? If it's for SSL
> >> and other similar stuff, you can solve that by using your own
> >> TrustManager within your in house application.
>
> > we will use them for electronic signature.
>
> http://www.pankaj-k.net/archives/2004/02/accessing_windo.html
> Other ways (newer than five years) might be possible as well (GIYF)
>
> Regards, Lothar

Thanks Lothar, I think it would be much easier to authenticate with a
trusted certificate authority and construct a chain of trust for our
certificates; it will save us a lot of headache.

Best
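
An added example, not code from any poster in this thread: it lists the roots that are in the Windows root store but not in Java's default trust store, then PKIX-validates a signer chain against the merged set. It assumes a JDK whose SunMSCAPI provider offers the `Windows-ROOT` keystore type (Windows only); the class name, method names and the PEM file argument are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;
public class TrustAnchorCheck {
    // Roots Java trusts by default: the cacerts file unless overridden.
    static Set<X509Certificate> javaRoots() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init((KeyStore) null); // null selects the JRE default trust store
        Set<X509Certificate> roots = new HashSet<>();
        for (TrustManager tm : tmf.getTrustManagers())
            roots.addAll(Arrays.asList(((X509TrustManager) tm).getAcceptedIssuers()));
        return roots;
    }
    // Roots in the Windows "Trusted Root Certification Authorities" store.
    static Set<X509Certificate> windowsRoots() throws Exception {
        KeyStore ks = KeyStore.getInstance("Windows-ROOT"); // SunMSCAPI, Windows only
        ks.load(null, null);
        Set<X509Certificate> roots = new HashSet<>();
        for (String alias : Collections.list(ks.aliases()))
            roots.add((X509Certificate) ks.getCertificate(alias));
        return roots;
    }
    // Validate a PEM chain (hypothetical file: leaf first, root omitted); throws if untrusted.
    static String validate(Path pemChain, Set<X509Certificate> roots) throws Exception {
        Set<TrustAnchor> anchors = new HashSet<>();
        for (X509Certificate r : roots) anchors.add(new TrustAnchor(r, null));
        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(false); // assumption: no CRL/OCSP in this sketch
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(pemChain)) {
            CertPath path = cf.generateCertPath(new ArrayList<>(cf.generateCertificates(in)));
            PKIXCertPathValidatorResult res = (PKIXCertPathValidatorResult)
                CertPathValidator.getInstance("PKIX").validate(path, params);
            return res.getTrustAnchor().getTrustedCert().getSubjectX500Principal().getName();
        }
    }
    public static void main(String[] args) throws Exception {
        Set<X509Certificate> roots = javaRoots();
        try {
            Set<X509Certificate> win = windowsRoots();
            win.removeAll(roots); // keep only what the Windows store adds
            System.out.println(win.size() + " roots are in the Windows store only");
            roots.addAll(win); // explicit opt-in to the OS store
        } catch (java.security.KeyStoreException e) { System.out.println("no Windows-ROOT here"); }
        if (args.length == 1) System.out.println("anchored at: " + validate(Paths.get(args[0]), roots));
    }
}
```

Merging the OS store widens what the application trusts to every root Windows trusts; for an in-house signing application, passing only the company CA certificate to `validate` keeps the trust set narrow.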