
Re: Remove an "Always Trust" permission from OpenJDK/IcedTea Plugin



Hi,

On Friday, 22.04.2011, at 21:19 +0900, Joel Rees wrote:
> You say options, does that mean you did or did not find the browser
> certificate store dialog?

I did find it, but the trusted certificate was not in the list.  I think
it is being added at another place.  But I was unable to locate it.

> > Therefore I think that the certificate is marked trusted by OpenJDK.
> > But I'm unable to find the default keystore.
> 
> Have you tried installing the openJDK Policy Tool (GUI) and/or
> Monitoring and Management Console (JConsole)?

Yes, but it did not help me to find the certificate store location.

> > It should be possible to add and remove trusted certificates with the
> > keytool command, but I have to specify the keystore.
> >
> > Any idea where OpenJDK might have its default keystore?
> > Or am I looking the wrong way at that problem?
> 
> I think the policy tool can tell you what it's using. Then again, I
> think the command line policy tool should use the default if it's going
> to use the default.

I also thought so, but it requires you to specify a key store location.
This differs from what I found in the documentation of the Oracle keytool.

| Keystore Location
|
|    Each keytool command has a -keystore option for specifying the name
| and location of the persistent keystore file for the keystore managed
| by keytool. The keystore is by default stored in a file
| named .keystore in the user's home directory, as determined by the
| "user.home" system property. Given user name uName, the "user.home"
| property value defaults to
|
|    C:\Winnt\Profiles\uName on multi-user Windows NT systems
|    C:\Windows\Profiles\uName on multi-user Windows 95 systems
|    C:\Windows on single-user Windows 95 systems
|
|    Thus, if the user name is "cathy", "user.home" defaults to
|
|    C:\Winnt\Profiles\cathy on multi-user Windows NT systems
|    C:\Windows\Profiles\cathy on multi-user Windows 95 systems

Source:
http://download.oracle.com/javase/1.4.2/docs/tooldocs/windows/keytool.html

I do not have a .keystore file though.  Using `find . -name *keystore*`
will only give me gnome keyring's keystore, which does not hold the
certificate either.

Just gave it a try and switched to Oracle's JRE.  That one asked me again
if I want to trust the certificate.  Seems that OpenJDK and SUN/Oracle
JRE do not share the same keystore.  Unless it got purged during the
uninstall.

But still I'm not sure how to undo an "Always Trust" option with Oracle's
JRE or OpenJDK.  Probably these options are not meant to be undone :-)


Regards,
adris
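
Added example, not part of the original message: searching by file name misses a keystore that is stored under another name, so this sketch identifies Java keystores by their leading magic bytes instead. It assumes the store is in JKS or JCEKS format (PKCS#12 files have no fixed magic and are not detected); the function names are hypothetical.

```shell
#!/bin/sh
# Locate Java keystores by content rather than by file name.
# JKS files begin with the bytes FE ED FE ED, JCEKS with CE CE CE CE.

# Print the first four bytes of a file as lowercase hex, e.g. "feedfeed".
magic_of() {
    od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n'
}

# Classify one file: prints "JKS" or "JCEKS", or nothing for other files.
keystore_type() {
    case "$(magic_of "$1")" in
        feedfeed) echo JKS ;;
        cececece) echo JCEKS ;;
    esac
}

# Walk a directory tree (default: $HOME, hidden directories included)
# and print "TYPE<TAB>PATH" for every regular file that is a keystore.
# Unreadable files are skipped; paths containing newlines are not handled.
find_keystores() {
    find "${1:-$HOME}" -xdev -type f -size +3c 2>/dev/null |
    while IFS= read -r f; do
        t=$(keystore_type "$f")
        if [ -n "$t" ]; then
            printf '%s\t%s\n' "$t" "$f"
        fi
    done
}

# Usage: find_keystores "$HOME"
```

Each path reported can then be passed to `keytool -list -keystore <path>` to see which certificates it holds.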
