On Oct 8, 2014, at 16:01, Xuelei Fan <[email protected]> wrote: > It looks strange to me now that this keytool command cannot specify the > customized trusted anchor sources. Normally, the key store of the trust > anchor should be customizable so that users can use the trust anchor > other than the cacerts key store. For example, in JSSE, application is > able to use key store other than cacerts as the trust store; in PKIX > certification path building and validation, application is also able to > specify the trust store.
It will be ugly if we add too many options for keytool. I'll think about creating some new system properties. --Max
