Java certificates shown in javaws.exe don't match keytool -list

Question

Environment: Windows 10pro 64bits, Java 1.8.0_261 (32bits)

Certificates imported with javaws dialog are not shown with keytool command, and viceversa.

Case 1) javaws.exe -viewer --> Security --> Manage certificates No certificates at all are shown
Case 2) 'C:\Program Files (x86)\Java\jre1.8.0_261\bin\keytool.exe' -list -keystore 'C:\Program Files (x86)\Java\jre1.8.0_261\lib\security\cacerts' 98 'trustedCertEntry' certificates are listed

Any certificate imported with the javaws.exe dialog will not be shown in command line with keytool.exe, but only in javaws. Any certificate imported/deleted with keytool (-import / -delete switches) will not appear in javaws certificates dialog, but only with keytool -list

What am I missing? Thanks.

That "Security" tab is actually the Java Control Panel and the JCP Certificate dialog should access JRE/lib/security/cacerts _only_ for System-level "Signer CA" or "Secure Site CA" ; other tabs and selections use different files. See https://docs.oracle.com/javase/7/docs/technotes/guides/jweb/jcp/jcp.html#manage_certs . — dave_thompson_085, Mar 20 '23 at 23:36

score 0 · Answer 1 · answered Mar 22 '23 at 11:29

I got it working by explicitely defining the files for cacert in deployment.properties:

deployment.system.security.trusted.cacerts=C\:\\Program Files (x86)\\Java\\jre1.8.0_261\\lib\\security\\cacerts

Whithout this line, it seems that the keystores that keytool.exe and the java control panel are reading/writing are different, despite using the default cacert keystore name.

Java certificates shown in javaws.exe don't match keytool -list

1 Answers1