$JAVA_HOME/jre/lib/security/cacerts
file, and you can invoke Java with -Djavax.net.ssl.keyStore=/path/to/keystore
. Both of
these approaches are great at first, but they don't scale well. Do you really want to pollute every
SSL socket in your JVM (HTTP, LDAP, JDBC, RMI, etc...) with those system-wide changes? Commons-SSL let's you
control the SSL options you need in an natural way for each SSLSocketFactory, and those options
won't bleed into the rest of your system.openssl pkcs12
).any comments or whitespace up here are ignored -----BEGIN TYPE----- [...base64....] -----END TYPE----- any comments or whitespace down here are also ignored