javax.net.ssl.trustStore Java System Property

Default Value

Empty - By default Java will use the cacerts file that ships with the JVM.

Overview of javax.net.ssl.trustStore

The javax.net.ssl.trustStore system property specifies a file system path to a certificate authority (CA) keystore file. You can typically use the default cacerts file that ships with java, but if you need to add your own internal CA certs, or find that the cacerts file that your JVM is using is out of date you can override it with this system property.

If you are using an outdated version of java, and it is possible to update to a newer version this will be a good approach. Otherwise you will need a method to keep the cacerts file up to date. Trusted certificate authorities may be added, or worse removed/revoked and you should no longer trust certificates which have been revoked.

Other Networking System Properties

Here are some other networking Java system properties:

• http.agent
• http.keepAlive
• http.maxConnections
• https.protocols
• java.net.preferIPv4Stack
• java.net.preferIPv6Addresses
• javax.net.debug
• jdk.net.hosts.file
• jdk.tls.client.protocols
• jdk.tls.disabledAlgorithms
• networkaddress.cache.ttl
• sun.net.inetaddr.ttl

Supported Since

Java has supported the javax.net.ssl.trustStore system property since at least version 1.8, support may go back to even older versions of java.

Setting javax.net.ssl.trustStore on Startup

You can set the javax.net.ssl.trustStore java system property during startup of the java runtime using the -D command line argument:

java -Djavax.net.ssl.trustStore=/path/to/cacerts.jks MyAppMain

You may also be able to specify javax.net.ssl.trustStore via the JAVA_TOOL_OPTIONS environment variable:

JAVA_TOOL_OPTIONS=-Djavax.net.ssl.trustStore=/path/to/cacerts.jks

Setting / Reading javax.net.ssl.trustStore at Runtime

You can set javax.net.ssl.trustStore at runtime with the following Java code:

System.setProperty("javax.net.ssl.trustStore", "/path/to/cacerts.jks");

WARNING: Depending on the property and JVM version using setProperty may or may not work if the JDK Java class that uses this variable has already been loaded. The value of the javax.net.ssl.trustStore system property may be cached within an internal private static variable of the implementing class.

To read the value of javax.net.ssl.trustStore at runtime, you can use this Java code:

String propertyValue = System.getProperty("javax.net.ssl.trustStore");
if (propertyValue != null) {
    System.out.println("javax.net.ssl.trustStore = " + propertyValue);
} else {
    System.out.println("javax.net.ssl.trustStore was null");
}