Java
#
Trust StoreThe location of the trust store is controlled using the javax.net.ssl.trustStore
system property.
By default the java trust store lib/security/cacerts
is used.
It is advisable to create an application trust store, so that server certificate chains that are imported will not be wiped by a java update.
Use the following command to create mytruststore
and import all certificates from the java trust store:
keytool -importkeystore -srckeystore lib/security/cacerts -destkeystore mytruststore -noprompt
You can repeat the import as java is updated.
#
Temporary directoryjava.io.tmpdir
#
MemoryXms1G
Xmx1G
#
System Proxyhttp.proxyHost
http.proxyPort
http.proxyUser
http.proxyPassword
http.nonProxyHosts
caution
http.nonProxyHosts
only allows leading wildcard
#
SSL Debuggingjavax.net.debug=all
Please download the SSLPoke class, unzip it and test the debug the SSL communication using
java -Djavax.net.debug=all SSLPoke untrusted-root.badssl.com 443