cacerts : Java Glossary

by Roedy Green ©1996-2009 Canadian Mind Products
index page for letter ⇒ punctuation 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z (all)

cacerts

A file used to keep the root certificates of signing authorities.

The default password for the .cacerts file is changeit.

In the JRE look for it in:

cacerts list of trusted certificate authorities :

in C:\Program Files\java\jre6\lib\security\cacerts in the JRE 1.6.0 on your local hard disk.
in J:\Program Files\java\jdk1.6.0_11\jre\lib\security\cacerts in the in the JDK 1.6.0 on your local hard disk.
in C:\Program Files\java\jre1.5.0_17\lib\security\cacerts in the older JRE 1.5.0 on your local hard disk.
in J:\Program Files\java\jdk1.5.0_17\jre\lib\security\cacerts in the in the older JDK 1.5.0 on your local hard disk.

Since cacerts is a binary file, you must view it with keytool.exe using code like this.

Just to confuse you, there are even other copies of it in C:\Program Files\Java Web Start\cacerts. On my machine I found 10 copies! Lot’s of luck guessing which one it is using at any given time.

Since you implicitly trust all the Certificate Authorities in the cacerts file for code signing and verification you must manage the cacerts file carefully. The cacerts file should contain only certificates of the CAs you trust.

cacerts is stored in jks format (Java Key Store) similar to PKCS #12 containing only public keys, protected by a passphrase, but no private keys. It may also contain SSL keys.

The first four signature bytes of a Sun cacerts file in hex are FEEDFEED.

.cacerts Finder/Viewer
certificate
keyman: a more user-friendly cacerts manipulator
keystore
keytool.exe
PKCS
SSL

	Please email your feedback for publication, errors, omissions, broken/redirected link reports and suggestions to improve this page to Roedy Green :
	Canadian Mind Products
	mindprod.com IP:[65.110.21.43]
	Your face IP:[38.103.63.62]	The information on this page is for non-military use only.
	You are visitor number 27,375.	Military use includes use by defence contractors.
	You can get a fresh copy of this page from:	or possibly from your local J: drive (Java virtual drive/mindprod.com website mirror)
	http://mindprod.com/jgloss/cacerts.html	J:\mindprod\jgloss\cacerts.html