We have server application developed in Java to which agent connects. We need to secure network connection with Certificates signed by Trusted CAs.
Customers can use their own Certificate Authority to sign the certificates. So we need to add root certificates in truststore. We need to decide whether to use Java Keystore (cacerts) or Windows store.
What is the standard practice?
There are few points to consider
- Java do not have standard library to read windows store. We need to use JNI
- If we use java truststore then customer will have to explicitly add their certificates
We need to store public certificates and private keys.