Reputation: 161
How do I programmatically find what Java keystore file my JVM's default TrustManager is using?
This question is similar, but the answers are all actually about which keystore file it should be using. I want to display in my program the actual keystore file that the JVM has loaded.
Update: Question: 'Why don't I know?' Answer: my application is running on customer environments I don't control, so I don't know.
Update: Question: 'There is no default keystore, but there is a default truststore': I've updated my question. I'm trying to learn the keystores in use by the default truststore.
Update: The impetus behind this question is I want to display in my app what keystore needs updating. The admin operating the application often has trouble determining the correct JVM in use, let alone the correct keystore. I want to give a clue to the admin what keystore they need to be updating. Yes, I know the admin 'should' know a lot of things about Java and keys that they probably do not.
Upvotes: 4
Views: 2154
Reputation: 310840
How do I programmatically find what Java keystore file my JVM's default TrustManager is using?
It is given by the content of javax.net.ssl.trustManager, if set, otherwise it is the lib/security/jssecacerts file in the JRE folder if present, otherwise it is the lib/security/cacerts file.
This is all specified in the JSSE Reference Guide.
The impetus behind this question is I want to display in my app what keystore needs updating.
I don't know why you think a Java-supplied truststore file would need updating, but you're mistaken, unless you're dealing with self-signed certificates, in which case the real answer is "don't".
Upvotes: 2
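The lookup order from the answer, as an added example that is not code from either poster: it recomputes the truststore path the way the JSSE Reference Guide documents it (the system property there is named `javax.net.ssl.trustStore`), because the JDK has no public API that reports which file the default TrustManager loaded. The class and method names are hypothetical. It assumes the application has not installed its own SSLContext and that the property has not been changed since the default context was first initialised.

```java
import java.io.File;
import java.security.KeyStore;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class DefaultTrustStoreReport {

    /** Returns the file the documented lookup order selects, or null if the store is not file-based. */
    static File resolveDefaultTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null && !prop.isEmpty()) {
            // "NONE" marks a store that is not a file (for example a hardware token).
            return "NONE".equals(prop) ? null : new File(prop);
        }
        File securityDir = new File(System.getProperty("java.home"),
                "lib" + File.separator + "security");
        File jssecacerts = new File(securityDir, "jssecacerts");
        // jssecacerts wins over cacerts when it exists.
        return jssecacerts.isFile() ? jssecacerts : new File(securityDir, "cacerts");
    }

    /** Counts the CA certificates accepted by the JVM's default TrustManagerFactory. */
    static int countDefaultTrustedIssuers() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM's default truststore
        int count = 0;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                count += ((X509TrustManager) tm).getAcceptedIssuers().length;
            }
        }
        return count;
    }

    public static void main(String[] args) throws Exception {
        File store = resolveDefaultTrustStore();
        System.out.println("java.home:       " + System.getProperty("java.home"));
        System.out.println("truststore type: "
                + System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType()));
        // A configured path that does not exist is flagged so the admin can spot a typo.
        System.out.println("truststore file: " + (store == null
                ? "none (javax.net.ssl.trustStore=NONE)"
                : store.getAbsolutePath() + (store.isFile() ? "" : "  [file not found]")));
        System.out.println("trusted issuers: " + countDefaultTrustedIssuers());
    }
}
```

Printing `java.home` alongside the path also tells the admin which JVM installation the application is actually running on.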