Skip to main content
Version: 3.5.2

Java

Trust Store#

The location of the trust store is controlled using the javax.net.ssl.trustStore system property.

By default the java trust store lib/security/cacerts is used.

It is advisable to create an application trust store, so that server certificate chains that are imported will not be wiped by a java update.

Use the following command to create mytruststore and import all certificates from the java trust store:

keytool -importkeystore -srckeystore lib/security/cacerts -destkeystore mytruststore -noprompt

You can repeat the import as java is updated.

Temporary directory#

java.io.tmpdir

Memory#

Xms1G Xmx1G

System Proxy#

http.proxyHost http.proxyPort http.proxyUser http.proxyPassword http.nonProxyHosts

caution

http.nonProxyHosts only allows leading wildcard

SSL Debugging#

javax.net.debug=all

Please download the SSLPoke class, unzip it and test the debug the SSL communication using

java -Djavax.net.debug=all SSLPoke untrusted-root.badssl.com 443