Also, I wouldn't rely on the file necessarily always being available
at that path.  For instance, if a later update to Android includes the
ability for the end-user to add root certificates, then the mechanism
for the certificate store would likely change.

For a desktop J2SE installation, you would set the Java system
property "javax.net.ssl.trustStore" on the Java command-line to point
to the default KeyStore.  In contrast, on Android, if you create a
TrustManagerFactory and specify a null KeyStore in the init() method,
then Android sets the "javax.net.ssl.trustStore" Java system property
to point to that cacerts.bks file and you therefore get your
TrustManagerFactory populated with those certificates (as a side-
effect, you can also find out where the file is by querying the
javax.net.ssl.trustStore Java system property).

See 
http://developer.android.com/reference/javax/net/ssl/TrustManagerFactory.html#init%28java.security.KeyStore%29

And, for those who are interested, the code where this is done is on
lines 53-62 here:
 
http://android.git.kernel.org/?p=platform/dalvik.git;a=blob;f=libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerFactoryImpl.java;hb=HEAD

While this mechanism also doesn't appear to be documented, I would
suggest that using this is preferable to relying on the particular
pathname of the cacerts.bks file.


On Mar 15, 8:47 pm, Kumar Bibek <coomar....@gmail.com> wrote:
> Yes, this would be available in all the devices. This is a storehouse
> of all the valid certificates that Android (Browser and other apps)
> accepts by default.
>
> But, I guess, with this fact, you don't have much freedom to do
> anything with this file. You cannot edit this file from your program
> if that is what you are looking for. You cannot even update this file
> on a device through the adb.
>
> Thanks and Regards,
> Kumar Bibek
>
> On Mar 15, 12:19 pm, p c <pc.023...@gmail.com> wrote:
>
> > cacerts.bks is a certificate store, which is present on Droid at the
> > location /system/etc/security/cacerts.bks.
>
> > Would this certificate store be present on all the devices ? I
> > searched through the Android documentation but could not find any
> > mention of it.
>
> > Does the default Android browser and mail client use it ? If not do
> > they ship with their own certificate store ?

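Added example, not part of the original thread and not Android project code: one way to enumerate the default trust anchors through TrustManagerFactory.init(null), as the top message suggests, instead of opening cacerts.bks by path. The class name DefaultTrustAnchors and the validity report are choices made for this illustration.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical class name, used only for this example.
public class DefaultTrustAnchors {

    /** Returns the platform's default X.509 trust manager without naming a store file. */
    static X509TrustManager defaultTrustManager() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore asks the provider to load its own default trust store.
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("default factory returned no X509TrustManager");
    }

    public static void main(String[] args) throws Exception {
        X509Certificate[] anchors = defaultTrustManager().getAcceptedIssuers();
        int outside = 0;
        for (X509Certificate ca : anchors) {
            String status = "valid";
            try {
                // Throws if the CA certificate is expired or not yet valid.
                ca.checkValidity();
            } catch (CertificateException e) {
                status = "OUTSIDE VALIDITY PERIOD";
                outside++;
            }
            System.out.println(status + "  " + ca.getSubjectX500Principal().getName()
                    + "  notAfter=" + ca.getNotAfter());
        }
        System.out.println(anchors.length + " trust anchors, " + outside
                + " outside their validity period");
        // Per the message above, Android sets this property as a side effect of
        // init(null); on other runtimes it may be unset and print "null".
        System.out.println("javax.net.ssl.trustStore = "
                + System.getProperty("javax.net.ssl.trustStore"));
    }
}
```

The same X509TrustManager can be passed to SSLContext.init() when an application needs the platform defaults explicitly, so the store's on-disk location never appears in application code.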