Where should I put the keystore certificate on Tomcat?

Zac Jacobson

Additional info
I could make a connection to a particular host with port 443 under MS-DOS mode, but when I used it with Tomcat, I always got NullPointerException. It seems it couldn't find the file "cacerts".
I don't know where I should put it onto Tomcat. I tried make a directory called keystore, but it still didn't work. The code as below:

String host = "";
int port = 443;
SSLSocketFactory factory = null;
SSLContext ctx = SSLContext.getInstance("TLS");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
KeyStore ks = KeyStore.getInstance("JKS");
char[] passphrase = "group8".toCharArray();
ks.load(new FileInputStream("cacerts"), passphrase);
kmf.init(ks, passphrase);
ctx.init(kmf.getKeyManagers(), null, null);
factory = ctx.getSocketFactory();
socket = (SSLSocket)factory.createSocket(host, port);

The code is looking in the directory that Tomcat is started from, the current working directory. If that's not were "cacerts" is, then it won't find it.

If you're looking for the default "cacerts" file for the JVM, then ask for the system property "java.home", it should be in "jre/lib/security" relative to that...

If you want to use the default JVM SSL stuff, you don't need to build an SSLContext anyway. You can just say:
String host = "";
int port = 443;
SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
The only issue is that it doesn't initialize everything until the first connection is attempted, so the first connection will take much longer than subsequent connections.