{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Juvenile、少年° 的问题《What format is java's cacerts format expected》','https://www.manongdao.com/q-785395.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm slightly confused about cacerts formats. An application I use recently had to upgrade it's cacerts file. The original cacerts file was pk12 format (I assume, it's binary), while the new format is clearly pem. I can use either cacert, but when I suggested someone having trouble with authentication upgrade to the new cacert he gets complaints because it is not a pk12 format.
What file format should cacert's be? can it be either format? Does something configure/define which format it should expect?
On any normal Oracle Java installation,
cacertsshould be a proprietary, binary, JKS key store type. If you have something different you may have a different JRE or thecacertsfile is replaced.You can manage the contents of
cacertsusing thekeytoolcommand delivered with the JDK.I've checked this against 1.8.0_20; to be sure you may use
file cacertson Ubuntu.Beware that the keystore used for client authentication usually is a PKCS#12 key store, so maybe you are confusing the two.
Perhaps this might help others with similar searches: I was trying to find the default list of trusted certificate authorities for the Java Runtime Environment because we wanted to install an SSL certificate into Tomcat. Had to finally remove oracle site from google searches and found this method to parse the binary file for the list. Good luck finding it at Oracle.com!
http://www.herongyang.com/PKI/HTTPS-Java-Default-Trusted-KeyStore-File-cacerts.html
Or you could do it the easy way by clicking the "system" tab when checking the java control panel - security - certificates