Details on keystore backup Strategy
If is always a good idea to periodically backup your keystore files (.keystore, cacerts and any custom user store files). When this applet is first launched, a backup directory user.home\javascience is created, if not already present. The default .keystore and cacerts files are then copied into this directory for safe backup. Subsequent startups of the applet will not overwrite these initial backups. [The files must be removed for additional updates.] When ImportCert button is used, a second level of keystore file backup is used. The original default keystore (either cacerts or .keystore), which is NOT modified with this applet, is first backed up as cacerts_bak or .keystore_bak in the same directory as the keystore being targetted for import. If the "_bak" files are already present, they will be automatically overwritten . The selected keystore is then loaded into memory, and then the specified certificate (displayed in the text field) is imported, and a new keystore, either cacerts_new or .keystore_new is generated in the same directory as the original keystore. To use these new keystores as the default keystores and hence to be recognized by the j2 runtime environment, one must manually rename them to the corresponding original names (cacerts or .keystore).
This utility does NOT support generation or manipulation of certificate Key Entries nor does it support importing certificate request responses (PKCS10) at the present time.
JCA API, Reference & Examples