Hi Sean,

what you propose sounds really good. The DKSTest I found
https://github.com/openjdk/jdk/blob/8be16160d2a6275ff619ea4cebb725475c646052/test/jdk/sun/security/provider/KeyStore/DKSTest.java#L111
mentions also ‘system’, is this the system (OS, e.g. Windows) keystore or the cacert?

The documentation at
https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/security/DomainLoadStoreParameter.html
mentions ‘system’ as keystore system-truststore but there it is pointing to
keystoreURI="${java.home}/lib/security/cacerts";

Best regards, Matthias

>Hi,
>There is already a feature in the JDK that is close to what you are looking
>for. There is a KeyStore type called "DKS" (called the DomainKeyStore). See
>https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/security/DomainLoadStoreParameter.html
> for more info on how to configure it.
>Basically, it uses a config file to present a collection of keystores as one
>logical keystore.
>Currently there is no way to specify the configuration file as a system
>property, so you would have to write a custom TrustManagerFactory.
>I would try seeing if this solution is workable and we can think about whether
>adding a system property for the config file is something that would be useful.
>--Sean
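
The DKS setup discussed in this thread, as an added example that is not part of the original messages or of the JDK's own code: it writes a domain configuration with two member keystores, loads it through `DomainLoadStoreParameter`, and initializes a `TrustManagerFactory` from the merged keystore. The domain name `exampledomain`, the keystore name `app-truststore`, the temporary files and the password are constructed for illustration; it assumes `cacerts` loads without a password entry and that the default trust manager algorithm accepts a DKS keystore.

```java
import java.io.OutputStream;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.DomainLoadStoreParameter;
import java.security.KeyStore;
import java.util.Map;
import javax.net.ssl.TrustManagerFactory;

public class DksTrustExample {
    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("dks-example");
        char[] appPw = "changeit".toCharArray(); // constructed sample password

        // Constructed sample: an empty PKCS12 file standing in for an application truststore.
        Path appStore = dir.resolve("app-truststore.p12");
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, null);
        try (OutputStream out = Files.newOutputStream(appStore)) {
            empty.store(out, appPw);
        }

        // DKS domain configuration: two member keystores presented as one logical keystore.
        // "exampledomain" and "app-truststore" are hypothetical names.
        String config =
              "domain exampledomain {\n"
            + "    keystore app-truststore\n"
            + "        keystoreType=\"PKCS12\"\n"
            + "        keystoreURI=\"" + appStore.toUri() + "\";\n"
            + "    keystore system-truststore\n"
            + "        keystoreURI=\"${java.home}/lib/security/cacerts\";\n"
            + "};\n";
        Path configFile = dir.resolve("domain.cfg");
        Files.writeString(configFile, config);

        // The URI fragment selects which domain in the configuration file to load.
        URI domain = new URI(configFile.toUri() + "#exampledomain");
        Map<String, KeyStore.ProtectionParameter> passwords =
            Map.of("app-truststore", new KeyStore.PasswordProtection(appPw));

        KeyStore dks = KeyStore.getInstance("DKS");
        dks.load(new DomainLoadStoreParameter(domain, passwords));
        System.out.println("entries across both keystores: " + dks.size());

        // Hand the merged keystore to the default trust manager algorithm.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(dks);
        System.out.println("trust managers: " + tmf.getTrustManagers().length);
    }
}
```

In this configuration `system-truststore` is only a label for one member keystore; which file it covers is decided by its `keystoreURI`.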
