A bit of information on what certs to use with the Java library and WebSphere

Our sites are signed with GTE CyberTrust Global Root as the trusted root certificate authority. This public key is shipped with Sun’s java runtime in a file located at java.home/lib/security/cacerts. The alias for this key is “gtecybertrustglobalca”.

To export the key from the cacerts file:

keytool –keystore cacerts –exportcert –alias gtecybertrustglobalca > gte.crt

This public key should then be imported into WebSphere’s trusted store.

See the documentation for java’s keytool which specifies the arguments to keytool and provides a list of certificates included with the jre.

There is a new directory in the source named gtecerts that has the certificate in binary and rfc 1421 format.

