what is the contents in the keystore repository

Question

This is new concept to me and i understand a little bit after some googling; I have a cacerts file available on my server at work and is being used by my java application. I can use keytool untility to read the contents of this file, I understand that keystore is a repository of certificates and hold keys and certificates and encrypt them all with a password. In other words, a keystore is just like a hashtable which has an alias that identifies a certificate and then the certificate itself. Now, the question that I have is: where is the actual .pem cert file that was used to get the keystore loaded ? and is keystore holding the cert meta data or the link to the actual .pem file.

The reason i ask this is to import a certificate the command used is:

keytool -importcert -v -noprompt -trustcacerts -alias verisigndemocert 
-file verisign-demo-root-cert.pem -keystore cacerts 

where we tell the file name in "-file" attribute, so is the content getting loaded into keystore or the file location details ?

again when I see the list of certs in my keystore i can use a -list and when I do -v the entire cert is visible which makes me to think that the cert meta data is getting stored into the keystore file.

if anyone can explain in detail or point to link that would be helpful

Answer 1

The content is being loaded into the keystore. You can test this by deleting the .pem file after importing it into the keystore; listing the contents of the keystore will still show the certificate.