How to obtain the location of cacerts of the default java installation?
JavaSecurityJava Problem Overview
I am looking on how how to obtain the location of cacerts of the default java installation, when you do not have JAVA_HOME or JRE_HOME defined.
I need a solution that works at least for OS X and Linux.
Yes. java -v is assumed to work :)
Java Solutions
Solution 1 - Java
Under Linux, to find the location of $JAVA_HOME:
readlink -f /usr/bin/java | sed "s:bin/java::"
the cacerts are under lib/security/cacerts:
$(readlink -f /usr/bin/java | sed "s:bin/java::")lib/security/cacerts
Under mac OS X , to find $JAVA_HOME run:
/usr/libexec/java_home
the cacerts are under Home/lib/security/cacerts:
$(/usr/libexec/java_home)/lib/security/cacerts
UPDATE (OS X with JDK)
above code was tested on computer without JDK installed. With JDK installed, as pR0Ps said, it's at
$(/usr/libexec/java_home)/jre/lib/security/cacerts
Solution 2 - Java
As of OS X 10.10.1 (Yosemite), the location of the cacerts file has been changed to
$(/usr/libexec/java_home)/jre/lib/security/cacerts
Solution 3 - Java
If you need to access those certs programmatically it is best to not use the file at all, but access it via the trust manager. The following code is from a OpenJDK Test case (which makes sure the built cacerts collection is not empty):
TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance("PKIX");
trustManagerFactory.init((KeyStore) null);
TrustManager[] trustManagers =
trustManagerFactory.getTrustManagers();
X509TrustManager trustManager =
(X509TrustManager) trustManagers[0];
X509Certificate[] acceptedIssuers =
trustManager.getAcceptedIssuers();
So you don’t have to deal with file location or keystore password.
Solution 4 - Java
In MacOS Mojave, the location is:
/Library/Java/JavaVirtualMachines/jdk1.8.0_192.jdk/Contents/Home/jre/lib/security/cacerts
If using sdkman to manage java versions, the cacerts is in
~/.sdkman/candidates/java/current/jre/lib/security
Solution 5 - Java
In High Sierra, the cacerts is located at : /Library/Java/JavaVirtualMachines/jdk1.8.0_25.jdk/Contents/Home/jre/lib/security/cacerts
Solution 6 - Java
For Java 9 onwards, it's in
> ${JAVA_HOME}/lib/security/cacerts
as opposed to the usual
> ${JAVA_HOME}/jre/lib/security/cacerts
Solution 7 - Java
You can also consult readlink -f "which java". However it might not work for all binary wrappers. It is most likely better to actually start a Java class.
Solution 8 - Java
In Ubuntu 20.04.3 LTS, the cacerts is located at: /etc/ssl/certs/java/cacerts
$ java --version
openjdk 11.0.11 2021-04-20
OpenJDK Runtime Environment (build 11.0.11+9-Ubuntu-0ubuntu2.20.04)
OpenJDK 64-Bit Server VM (build 11.0.11+9-Ubuntu-0ubuntu2.20.04, mixed mode, sharing)
$ ls -lah /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts*
/usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts -> /etc/ssl/certs/java/cacerts