keytool has a -cacerts flag to operate on the internal cacerts file (thanks!).

BUT: keytool still wants a storepass, even though it obviously knows how to read from the cacerts file, and there is little security here since all cacerts files have the same well-known storepass.

The keytool docs say:

"When retrieving information from the keystore, the password is optional. If no password is specified, then the integrity of the retrieved information can't be verified and a warning is displayed."

BUT:

    $ keytool -list -cacerts -storepass bogus
    keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

It is possible to get the data, but you have to get the prompt, then ENTER (null password) to get the desired output.

    $ keytool -list -cacerts
    Enter keystore password:

    ***************** WARNING WARNING WARNING *****************
    * The integrity of the information stored in your keystore *
    * has NOT been verified! In order to verify its integrity, *
    * you must provide your keystore password. *
    ***************** WARNING WARNING WARNING *****************

    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 80 entries
    ...

All of this seems to make no sense. With keytool -cacerts, java should just access the cacerts using whatever means it normally uses (I'm not sure how ... does it hard-code the well-known password?)
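The behaviour in the report can be reproduced through the `java.security.KeyStore` API. The following is an added example, not code from the report or from the JDK. It builds a constructed, empty in-memory JKS keystore with a made-up password (the class name and password are assumptions) and loads it with a null, a wrong and the correct password, then repeats the loads after corrupting the integrity digest:

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;

public class NullPasswordLoad {
    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty JKS keystore with a made-up password.
        char[] realPass = "constructed-pass".toCharArray();
        KeyStore fresh = KeyStore.getInstance("JKS");
        fresh.load(null, null);                       // initialise an empty store
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        fresh.store(out, realPass);                   // appends a password-keyed digest
        byte[] blob = out.toByteArray();

        System.out.println("null password   : " + tryLoad(blob, null));
        System.out.println("wrong password  : " + tryLoad(blob, "bogus".toCharArray()));
        System.out.println("correct password: " + tryLoad(blob, realPass));

        // Corrupt the trailing integrity digest: the last byte of a JKS file
        // belongs to the digest, not to any entry.
        byte[] tampered = blob.clone();
        tampered[tampered.length - 1] ^= 0x01;
        System.out.println("tampered, null password   : " + tryLoad(tampered, null));
        System.out.println("tampered, correct password: " + tryLoad(tampered, realPass));
    }

    // Loads the keystore bytes and reports whether the load was accepted.
    static String tryLoad(byte[] blob, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try {
            // A null password makes the JKS loader skip the digest comparison.
            ks.load(new ByteArrayInputStream(blob), password);
            return "loaded, " + ks.size() + " entries, integrity "
                    + (password == null ? "NOT verified" : "verified");
        } catch (IOException e) {
            // Digest mismatch: wrong password or modified file.
            return "rejected: " + e.getMessage();
        }
    }
}
```

A null-password load accepts the tampered bytes, which is what the keytool warning banner is stating; only a load with the correct password detects the change.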