Multiple entries after storing one single certific

Posted 2019-09-11 06:36

Question:

I'm using the class InstallCert to import a VMware vCenter certificate into my local Java keystore.

The line socket.startHandshake() returns an UnsupportedOperationException, but the class SavingTrustManager still has downloaded the certificate successfully.

Then I store the downloaded certificate into my local keystore by using the following snippet.

KeyStore jks;
... ... ..
jks.setCertificateEntry(alias, cert);
OutputStream out = new FileOutputStream("jssecacert");
jks.store(out, passphrase);
out.close();

But when I try to list all the entries in the keystore: keytool -list -keystore jssecacerts -v, it shows that there are 160 entries including the one that I have downloaded.

I'm pretty sure that the keystore is generated by my code, and it is supposed to be initially empty. I'd like to know where the other 159 entries come from.

Thanks.

Answer 1:

Use KeyStoreExplorer for comparing both truststores: jssecacerts generated by the InstallCert class, and the cacerts file located in your Java>jre>security>lib.

InstallCert takes the certificate from the server and creates a copy of the truststore of the JVM you are using. Then it adds the certificate to the copy of your truststore, and names it "jssecacerts". Check this piece of code:

File file = new File("jssecacerts");
if (file.isFile() == false) {
    char SEP = File.separatorChar;
    File dir = new File(System.getProperty("java.home") + SEP
            + "lib" + SEP + "security");
    file = new File(dir, "jssecacerts");
    if (file.isFile() == false) {
        file = new File(dir, "cacerts");
    }
}

You then just need to rename jssecacerts to cacerts and replace the original one on your JVM.
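
The seeding behaviour described in the answer, as an added example (not code from the original post or from InstallCert): it counts the entries of a store seeded from the JVM's cacerts against one started empty with load(null, null). The class name TrustStoreSeedDemo, the alias vcenter-example, the default cacerts password "changeit" and the use of the first cacerts entry as a stand-in for the downloaded certificate are assumptions.

```java
import java.io.File;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.security.KeyStore;
import java.security.cert.Certificate;

public class TrustStoreSeedDemo {
    // Load a keystore from a file, or create an empty one when source is null.
    static KeyStore open(File source, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        if (source == null) {
            ks.load(null, null); // empty store: nothing inherited from the JVM
        } else {
            try (InputStream in = Files.newInputStream(source.toPath())) {
                ks.load(in, password);
            }
        }
        return ks;
    }

    // Add one certificate, write the store to a temp file, reload it, return its entry count.
    static int addAndCount(KeyStore ks, Certificate cert, char[] password) throws Exception {
        ks.setCertificateEntry("vcenter-example", cert); // hypothetical alias
        File out = File.createTempFile("jssecacerts-demo", ".ks");
        out.deleteOnExit();
        try (OutputStream os = Files.newOutputStream(out.toPath())) {
            ks.store(os, password);
        }
        return open(out, password).size();
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // assumed: JDK default cacerts password
        File cacerts = new File(System.getProperty("java.home"),
                "lib" + File.separator + "security" + File.separator + "cacerts");
        KeyStore jvmDefault = open(cacerts, pw);
        // Stand-in for the downloaded server certificate: first CA certificate in cacerts.
        Certificate sample = jvmDefault.getCertificate(jvmDefault.aliases().nextElement());
        System.out.println("JVM cacerts entries:          " + jvmDefault.size());
        System.out.println("seeded from cacerts + 1 cert: " + addAndCount(jvmDefault, sample, pw));
        System.out.println("empty store + 1 cert:         " + addAndCount(open(null, null), sample, pw));
    }
}
```

A store started empty trusts only the certificates added to it, so a JVM pointed at such a store no longer accepts the public CAs that ship in cacerts.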