Java multiple keystores check order

Question

I'd like to know is there any way to check default keystore if necessary key is not found in specified keystore or how to set keystores checking order.

For example - I have two keystores:

• Global java default keystore (like cacerts)
• "Folder1/mykestore.jks" which contains my uploaded self-signed certificates.

I set property in my program:

System.setProperty("javax.net.ssl.keyStore","Folder1/mykeystore.jks");

And programs tries to connect with certificate from mykeystore.jks, but doesn't found it, so throws exception. Now I'd like to oblige my program to check also global default keystore or any other keystore if exists.

I ned to do it in my application, where user can defines some mailboxes and can upload self-signed certificates. Application works good with self-signed certificates, but doesn't works with public mailboxes (like GMail) with official certs, because they are not exists in mykestore.jks. (When I try to connect without specify keyStore property, it connects without any problems)

Probably the easiest way is something like:

try{
  System.setProperty("javax.net.ssl.keyStore","Folder1/mykeystore.jks");
  store.connect(host,login,password)
catch{
  //Set default keystore
  //try store.connect() again
}

but the problem is I dont know how to set default java keystore (it is an gralils app, and I don't know path to default keystore).

Maybe is there another, better way, you could recomend me?

Regards, Artur

Answer 1

The simplest thing would be to just make a copy of the default keystore from the JDK and use that as the initial keystore for your application, adding more certificates to it as necessary.