java cacerts file vs MS windows trusted root certificate authoritiesstore

S

steven acer

Hi all,

when verifying a digital signature, does java check the MS windows
trusted root certificate authorities store?
if so, which has the highest priority the cacerts file or the OS
store? if the CA was listed in the windows store but not in the
cacerts file, would java still trust it?

i've been scouring all over on the internet but i couldn't find any
document on the subject.
 
L

Lothar Kimmeringer

steven said:
when verifying a digital signature, does java check the MS windows
trusted root certificate authorities store?
Click to expand...

Not that I'm aware of.
i've been scouring all over on the internet but i couldn't find any
document on the subject.
Click to expand...

Me either, but new root certificates always lead to a new update
of the Java Virtual Machine, so if there would be such a feature
this wouldn't be necessary.


Regards, Lothar
--
Lothar Kimmeringer E-Mail: (e-mail address removed)
PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81)

Always remember: The answer is forty-two, there can only be wrong
questions!
 
S

steven acer

Not that I'm aware of.


Me either, but new root certificates always lead to a new update
of the Java Virtual Machine, so if there would be such a feature
this wouldn't be necessary.

Regards, Lothar
--
Lothar Kimmeringer                E-Mail: (e-mail address removed)
               PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81)

Always remember: The answer is forty-two, there can only be wrong
                 questions!
Click to expand...

too bad. my company is trying to install its own CA server so that we
can issue certificates to all our employees to use them in our in
house java application.
Now this would mean we have to manually add the company's certificate
to the cacerts file on each client machine since the changes in the
Windows certificate store would be irrelevant for java and would go
unnoticed by it.
maybe this would convince them to authenticate with a certificate
authority.
 
L

Lothar Kimmeringer

steven said:
too bad. my company is trying to install its own CA server so that we
can issue certificates to all our employees to use them in our in
house java application.
Now this would mean we have to manually add the company's certificate
to the cacerts file on each client machine since the changes in the
Windows certificate store would be irrelevant for java and would go
unnoticed by it.
Click to expand...

What do you want to use the certificate for? If it's for SSL
and other similar stuff, you can solve that by using your own
TrustManager within your in house application.


Regards, Lothar
--
Lothar Kimmeringer E-Mail: (e-mail address removed)
PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81)

Always remember: The answer is forty-two, there can only be wrong
questions!
 
S

steven acer

What do you want to use the certificate for? If it's for SSL
and other similar stuff, you can solve that by using your own
TrustManager within your in house application.

Regards, Lothar
--
Lothar Kimmeringer                E-Mail: (e-mail address removed)
               PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81)

Always remember: The answer is forty-two, there can only be wrong
                 questions!
Click to expand...

we will use them for electronic signature.
 
S

steven acer

http://www.pankaj-k.net/archives/2004/02/accessing_windo.html
Other ways (newer than five years) might be possible as well (GIYF)

Regards, Lothar
--
Lothar Kimmeringer                E-Mail: (e-mail address removed)
               PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81)

Always remember: The answer is forty-two, there can only be wrong
                 questions!
Click to expand...

thanks Lothar, i think it would me much easier to authenticate with a
trusted certificate authority and construct a chain of trust for our
certificates, it will us save a lot of headache.

Best
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Solution - Verisign expired root CA and "No trusted certificate found" using JSSE 2
Server certificate validation on client side 0
Certificate chain and Java Web Start 4
Java SSL client and IIS 5.0 server problem 0
add Root CA cert in ASP 0
ANN: eGenix pyOpenSSL Distribution 0.13.2.1.0.1.5 0
SSL certificate validation fails in windows service 0
HTTPS with JSSE --- Use SSLSocketFactory or not 0

Members online

No members online now.
Total: 67 (members: 0, guests: 67)
Robots: 428

Forum statistics

Threads
473,982
Messages
2,570,190
Members
46,736
Latest member
zacharyharris

Latest Threads

Top