On Oct 8, 2014, at 10:43, Xuelei Fan <xuelei....@oracle.com> wrote: > I think Keytool should be independent of JSSE.
Yes. However, I can think of adding a new system property called "jdk.keytool.cacerts" so that people can point it to a file not jre/lib/security/cacerts. This would be useful for the bug reporter and we can now finally testing the -trustcacerts option. --Max
