November 7, 2017

Managing Java CA Certificate for Applets and Java Web Start

If you deploy an applet or a Java Web Start application that either communicates with an HTTPS-protected web server or is signed with a certificate whose CA certificate is not part of the standard Java CA certificate store, you need to add those CA certificates manually.

First, you can customize where the default CA certificates are stored on the client machine via a system-wide deployment.config file.

| Operating System | Location |
|---|---|
| Windows | C:\Windows\sun\java\Deployment |
| Solaris, Linux | /etc/.java/deployment/deployment.config |
| OS X | /Library/Application Support/Oracle/Java/Deployment/deployment.config |

Reference: https://docs.oracle.com/javase/8/docs/technotes/guides/deploy/properties.html

deployment.config contains two properties: deployment.system.config and deployment.system.config.mandatory.

Of these, deployment.system.config is the most important; deployment.system.config.mandatory you probably want to set to true (the default is false). For details about the mandatory property, see the reference above.

deployment.system.config=file:///C:/Windows/Sun/Java/Deployment/deployment.properties
deployment.system.config.mandatory=true

Now we can set the CA configuration in deployment.properties. Let's begin with the system-wide properties.

| Property Key | Description | Default Value |
|---|---|---|
| deployment.system.security.cacerts | "System-level Root CA certificate store." "Signer CA - Certificates of Certificate Authorities (CAs) who issue the certificates to the signers of trusted certificates." | $JAVA_HOME + File.separator + lib + File.separator + security + File.separator + cacerts |
| deployment.system.security.jssecacerts | "System-level JSSE CA certificate store." "Secure Site CA - Certificates of CAs who issue the certificates for secure sites." | $JAVA_HOME + File.separator + lib + File.separator + security + File.separator + jssecacerts |
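A sanity check for the two files described above, as an added Python example that is not part of the original post. It assumes the files follow java.util.Properties escaping rules, where an unescaped backslash in a Windows path is silently consumed; the store paths and function names are hypothetical.

```python
import re

# Keys from the system-wide table above.
CA_KEYS = ("deployment.system.security.cacerts",
           "deployment.system.security.jssecacerts")

def parse_properties(text):
    """Simplified Java .properties parser: '=' or ':' separators, '#'/'!'
    comments, backslash escapes (no line continuations, \\uXXXX or \\t)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"((?:\\.|[^=:\s\\])*)\s*[=:]?\s*(.*)", line)
        # Like java.util.Properties: drop the backslash, keep the next char.
        key, value = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        props[key] = value
    return props

def audit(config_text, properties_text):
    """Return a list of findings for deployment.config / deployment.properties."""
    findings = []
    config = parse_properties(config_text)
    if not config.get("deployment.system.config"):
        findings.append("deployment.system.config is not set")
    if config.get("deployment.system.config.mandatory", "false").lower() != "true":
        findings.append("deployment.system.config.mandatory is not true")
    props = parse_properties(properties_text)
    for key in CA_KEYS:
        path = props.get(key)
        if path is None:
            findings.append(f"{key} is not set; the default store is used")
        elif re.match(r"[A-Za-z]:[^/\\]", path):
            # "C:\Windows" parses to "C:Windows": separators were eaten.
            findings.append(f"{key}: unescaped backslashes, parsed as {path!r}")
    return findings

# Constructed sample input; the store paths are hypothetical.
SAMPLE_CONFIG = r"""deployment.system.config=file:///C:/Windows/Sun/Java/Deployment/deployment.properties
deployment.system.config.mandatory=true"""
SAMPLE_PROPERTIES = r"""deployment.system.security.cacerts=C:/Windows/Sun/Java/Deployment/cacerts
deployment.system.security.jssecacerts=C:\Windows\Sun\Java\Deployment\jssecacerts"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_PROPERTIES):
        print(finding)
```

Writing Windows paths with forward slashes, as the deployment.config example does, or with doubled backslashes avoids the second finding.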

Then there are the user-specific properties:

| Property Key | Description | Default Value |
|---|---|---|
| deployment.user.security.trusted.cacerts | "User-level Root CA certificate store." User: "Signer CA - Certificates of Certificate Authorities (CAs) who issue the certificates to the signers of trusted certificates." | $USER_HOME + File.separator + security + File.separator + trusted.cacerts |
| deployment.user.security.trusted.jssecacerts | "User-level JSSE CA certificate store." User: "Secure Site CA - Certificates of CAs who issue the certificates for secure sites." | $USER_HOME + File.separator + security + File.separator + trusted.jssecacerts |

Reference: https://docs.oracle.com/javase/8/docs/technotes/guides/deploy/properties.html

Reference: https://docs.oracle.com/javase/8/docs/technotes/guides/deploy/jcp.html
