JRE1.2 , 1.3 and 1.4 are preconfigured with several well-know
root CA certificates in the cacerts trusted certificate file, typically
at location:
C:\Program Files\JavaSoft\JRE\1.4\lib\security\cacerts
For custom root CA certificates (for example, CAs deployed on corporate
intranets, or self-signed "test" root certificates), one must explicitly import the root CA certificate into cacerts
using the JRE1.2+
keytool.exe utility.
For the Win32 platform, a typical import command might be:
assuming that the command is executed from a current directory of:
[The full path to the local certificate file customcacertfile.cer must be specified
if not in this bin directory.]
Alternatively, if your J2SE bin directory is on your system path (typically recommended), just move your cacerts file and the root CA
certificate to be imported into the same current directory and execute from that directory:
and then move the cacerts file back to the correct jre deployment directory specified above. Be sure to back up your original cacerts file,
should the updated cacerts file become corrupted.
A password prompt is presented
(default initial value is changeit) when the cacerts key file is accessed.
[Note that this default password for the cacerts system file is not the same as the (initially absent) default .keystore file for which the end user
must explicitly determine the password the first time it is created!.]
Once the custom CA certificate is imported, any code signed with a code-signing certificate issued by the new custom CA, or code signed with a test self-signed "root" certificate will be properly recognized and authenticated.