cacerts : Java Glossary

A file used to keep the root certificates of signing authorities.

The default password for the .cacerts file is changeit.

In the JRE (Java Runtime Environment) look for it in:

Since cacerts is a binary file, you must view it with keytool.exe using code like this.

Just to confuse you, there are even other copies of it in C:\Program Files\Java Web Start\cacerts. On my machine I found 10 copies! Lot’s of luck guessing which one it is using at any given time.

Since you implicitly trust all the CA (Certificate Authority)s in the cacerts. file for code signing and verification you must manage the cacerts. file carefully. The cacerts. file should contain only certificates of the CAs you trust.

cacerts. is stored in JKS (Java Key Store) format similar to PKCS (Public-Key Cryptography Standards) #12 containing only public keys, protected by a passphrase, but no private keys. It may also contain SSL (Secure Sockets Layer) keys.

The first four signature bytes of a Sun cacerts. file in hex are FEEDFEED.

You can find the cacerts file with a system property, that will be visible in a browser: deployment.user.security.trusted.cacerts = C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\security\trusted.cacerts