Should I always load keyStore explicitly in my WebClient for authorized services?

你的背包 2021-01-25 19:29

I have a Java keystore with which I can connect to a protected HTTPS third-party service. I use this keystore explicitly in my code when I initialize my web client:



        
3 answers
  •  北荒 (original poster)
    2021-01-25 20:07

    According to the answer of @Bruno in "How to acess jvm default KeyStore?", there is no default KeyStore in Java. That means that if you run the app with

    -Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.keyStore=/opt/app/certificates/keyStore.jks
    

    this will also require you to parse them in your code, like

      private static final String filePath = System.getProperty("javax.net.ssl.keyStore");
      private static final String password = System.getProperty("javax.net.ssl.keyStorePassword");
    

    and then use them explicitly in your HttpClient (like in Solution #1). In other words, just specifying the properties for the keyStore is useless if you do not parse them manually and use them for your HttpClient. This is what I was trying to understand when I posted my question.

    This is an important difference from the system properties for the TrustStore, like

    -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.trustStore=/opt/app/certificates/cacert
    

    Specifying these properties does not require any extra code, as there is a default TrustStore which will be created automatically by the JVM from the properties. And then the httpClient will just use that default TrustStore without any effort from the developer.
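
The explicit wiring the answer above describes, as an added example that is not part of the original post: it reads the two `javax.net.ssl.keyStore*` properties and hands the resulting key material to a client. It uses only JDK classes (`java.net.http.HttpClient`, Java 11+) instead of the Spring WebClient from the question; the class name, the method name and the JKS fallback type are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.http.HttpClient;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Added example; ClientCertHttpClient and sslContextFromProperties are hypothetical names.
public class ClientCertHttpClient {

    static SSLContext sslContextFromProperties() throws GeneralSecurityException, IOException {
        String path = System.getProperty("javax.net.ssl.keyStore");
        String password = System.getProperty("javax.net.ssl.keyStorePassword");
        if (path == null || password == null) {
            throw new IllegalStateException("set javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword");
        }
        char[] pw = password.toCharArray();
        // Assumption: JKS when javax.net.ssl.keyStoreType is not given (the page uses a .jks file).
        KeyStore keyStore = KeyStore.getInstance(System.getProperty("javax.net.ssl.keyStoreType", "JKS"));
        try (InputStream in = Files.newInputStream(Path.of(path))) {
            keyStore.load(in, pw); // fails here on a wrong password or a corrupt file
        }
        // A store holding only certificates loads fine but gives the client no identity to present.
        boolean hasKey = false;
        for (String alias : Collections.list(keyStore.aliases())) {
            hasKey |= keyStore.isKeyEntry(alias);
        }
        if (!hasKey) {
            throw new KeyStoreException("no private key entry in " + path);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, pw); // assumes the key password equals the store password
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // null = default trust managers and SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        HttpClient client = HttpClient.newBuilder().sslContext(sslContextFromProperties()).build();
        System.out.println("client ready, protocol: " + client.sslContext().getProtocol());
    }
}
```

Run it with the same `-Djavax.net.ssl.keyStore=... -Djavax.net.ssl.keyStorePassword=...` flags shown in the answer; the password is never logged.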
