Java
Trust Store#
The location of the trust store is controlled using the javax.net.ssl.trustStore system property.
By default the java trust store lib/security/cacerts is used.
It is advisable to create an application trust store, so that server certificate chains that are imported will not be wiped by a java update.
Use the following command to create mytruststore and import all certificates from the java trust store:
keytool -importkeystore -srckeystore lib/security/cacerts -destkeystore mytruststore -noprompt
You can repeat the import as java is updated.
Temporary directory#
java.io.tmpdir
Memory#
Xms1G
Xmx1G
System Proxy#
http.proxyHost
http.proxyPort
http.proxyUser
http.proxyPassword
http.nonProxyHosts
caution
http.nonProxyHosts only allows leading wildcard
SSL Debugging#
javax.net.debug=all
Please download the SSLPoke class, unzip it and test the debug the SSL communication using
java -Djavax.net.debug=all SSLPoke untrusted-root.badssl.com 443