I just created a truststore with the Java keytool (for server authentication of a server that does not have a CA cert). However, I just noticed something strange. I am starting my client like this:
java -Djavax.net.ssl.trustStore=<PATHSTUFF>/client.keystore -classpath <STUFF> Client
(Note: there is NOT a password specified)
The above call works.
However when I try this:
java -classpath <STUFF> Client
It does not work. (Obviously it does not work; it requires the truststore.)
I was expecting to need to pass in this option (but I did not):
-Djavax.net.ssl.trustStorePassword=mypass
Question: Do you not need a password to access a truststore? Is the password just for modification? What about a keystore?
The password is used to protect the integrity of a keystore. If you don't provide any store password, you can still read the contents of the keystore. The command keytool -list demonstrates this behavior (use it with an empty password).
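The behaviour described in the answer can be reproduced with the following added example, which is not part of the original answer. It assumes a JKS-format store and a JDK whose keytool sits under java.home/bin; the alias "demo" and password "changeit" are constructed values.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

public class StorePasswordDemo {
    static final String PASS = "changeit"; // constructed demo password

    // Load a JKS store; a null password skips the integrity check.
    static KeyStore load(Path file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        Path store = Files.createTempDirectory("ksdemo").resolve("demo.jks");
        String keytool = Path.of(System.getProperty("java.home"), "bin", "keytool").toString();
        // Build a throwaway store with one key pair (alias "demo" is constructed).
        Process p = new ProcessBuilder(keytool, "-genkeypair", "-alias", "demo",
                "-keyalg", "RSA", "-dname", "CN=demo", "-storetype", "JKS",
                "-keystore", store.toString(), "-storepass", PASS, "-keypass", PASS)
                .inheritIO().start();
        if (p.waitFor() != 0) throw new IllegalStateException("keytool failed");

        // 1. No store password: the certificate is still readable.
        KeyStore ks = load(store, null);
        System.out.println("cert readable without password: " + (ks.getCertificate("demo") != null));

        // 2. The private key is a different matter: it needs its key password.
        try {
            ks.getKey("demo", null);
        } catch (UnrecoverableKeyException e) {
            System.out.println("private key without password: " + e.getMessage());
        }

        // 3. Corrupt the trailing digest byte: only a load WITH the password notices.
        byte[] raw = Files.readAllBytes(store);
        raw[raw.length - 1] ^= 0x01;
        Files.write(store, raw);
        System.out.println("tampered, no password: loads, " + load(store, null).size() + " entry");
        try {
            load(store, PASS.toCharArray());
        } catch (IOException e) {
            System.out.println("tampered, with password: " + e.getMessage());
        }
    }
}
```

The third step is the practical reason to pass -Djavax.net.ssl.trustStorePassword even though the client starts without it: only a load with the password detects a modified truststore file.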