Hi All,
I am using client-authenticated TLS for my application to connect to a TLS-enabled server.
I am the consumer.
I have my own keystore and truststore file.
My truststore has the server's certificate in order to trust it during the handshake.
In code I am creating a TrustManagerFactory object from my own truststore file, but when I look at the debug statements in the console at runtime it also picks up the JRE/lib/security/cacert file, loads all the trusted certificates and adds them as trusted certs.
I thought it only loads the cacert file if you do not specify your truststore file.
Question: Is it the default behaviour of JSSE to append all the trusted certificates from the cacert file along with your specified truststore file?
Here is my configuration and sample code:
Configuration:
securityProvider=SunJSSE
keyStoreType=jks
keyManagerAlgorithm=SunX509
sslContextProtocol=TLSv1
trustManagerAlgorithm=PKIX
trustStoreType=jks
keyStoreFile = Clientkeystore.jks
trustStoreFile = ClientTrustStore.jks
Code:
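import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.TrustManagerFactory;
// Create the keystore object first; calling load() on a null reference throws NullPointerException
KeyStore trustStore = KeyStore.getInstance(trustStoreType);
trustStore.load(new FileInputStream(trustStoreFile), trustStorePass);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", securityProvider);
tmf.init(trustStore);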
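
One way to check which trust anchors a TrustManagerFactory actually ends up with, added here as an example and not part of the original post. The class name TrustAnchorCheck, the helper acceptedIssuers and the in-memory keystore standing in for ClientTrustStore.jks are assumptions made for illustration.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustAnchorCheck {

    // Returns the certificates a PKIX factory initialised from `ks` will accept.
    // Passing null makes JSSE fall back to its default truststore
    // (javax.net.ssl.trustStore if set, otherwise jssecacerts/cacerts).
    static X509Certificate[] acceptedIssuers(KeyStore ks) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        return new X509Certificate[0];
    }

    public static void main(String[] args) throws Exception {
        // Case 1: no keystore given, so the JRE default truststore is loaded.
        X509Certificate[] defaults = acceptedIssuers(null);
        System.out.println("default truststore anchors: " + defaults.length);
        if (defaults.length == 0) {
            return; // this runtime ships no default CA certificates to borrow
        }

        // Case 2: constructed stand-in for ClientTrustStore.jks, an in-memory
        // JKS keystore holding a single certificate borrowed from the defaults.
        KeyStore own = KeyStore.getInstance("JKS");
        own.load(null, null);
        own.setCertificateEntry("server", defaults[0]);

        X509Certificate[] mine = acceptedIssuers(own);
        System.out.println("own truststore anchors: " + mine.length);
        for (X509Certificate c : mine) {
            System.out.println("  " + c.getSubjectX500Principal());
        }
    }
}
```

Running the same acceptedIssuers check against the keystore the application loads shows whether its factory holds only the truststore's entries; a count matching the default store means init() received a null KeyStore.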