Trusted Certificate Import Utility

M. Gallant 03/16/2005

This JavaPlugin1.4+ signed displays the details of a X509 certificate (v1,v2,v3) and facilitates importing Trusted Certificate Entries into an end-user's default cacerts trusted CA certs database, or the default .keystore file. A certificate file can be selected either from a local file dialog, or from a URL to a certificate deployed from a web server. This functionality provides easier importing of trusted root CA certificates, or trusted colleague's self-signed test certificates.
To import a selected certificate into a default Java2 keystore:


Note: The original certificate store is NOT modified. A new certificate store (.keystore_new or cacerts_new) is generated.

Details on keystore backup Strategy
If is always a good idea to periodically backup your keystore files (.keystore, cacerts and any custom user store files). When this applet is first launched, a backup directory user.home\javascience is created, if not already present. The default .keystore and cacerts files are then copied into this directory for safe backup. Subsequent startups of the applet will not overwrite these initial backups. [The files must be removed for additional updates.] When ImportCert button is used, a second level of keystore file backup is used. The original default keystore (either cacerts or .keystore), which is NOT modified with this applet, is first backed up as cacerts_bak or .keystore_bak in the same directory as the keystore being targetted for import. If the "_bak" files are already present, they will be automatically overwritten . The selected keystore is then loaded into memory, and then the specified certificate (displayed in the text field) is imported, and a new keystore, either cacerts_new or .keystore_new is generated in the same directory as the original keystore. To use these new keystores as the default keystores and hence to be recognized by the j2 runtime environment, one must manually rename them to the corresponding original names (cacerts or .keystore).

Further Details
This utility does NOT support generation or manipulation of certificate Key Entries nor does it support importing certificate request responses (PKCS10) at the present time.

References:
JCA API, Reference & Examples
Keystore Class
Certificate Class