truststore

We had been using java standard keystore ( $JAVA_HOME/jre/lib/security/cacerts ) as the trusted store for tomcat. And that tomcat server would communicate with some other server. A recent OS(AIX) upgrade apparently over-wrote the file at $JAVA_HOME/jre/lib/security/cacerts and that resulted in lost certificates and lot of issues with application hosted in tomcat. Looking at this is it a bad practice to relay up on $JAVA_HOME/jre/lib/security/cacerts ? What are the alternate (better|standard) ways to tackle this scenario? In terms of what is in the cacerts file, it's not necessarily worse

Is there any function which tells me what's the current truststore being used in my program. On windows, the default trust store is at JAVA_HOME\lib\security\cacerts. However, the default can be changed in a variety of ways. Using -Djavax.net.ssl.keyStore in the command line Using Keystore class. If the program is running on an App Server under which the application runs may set the store path through it's panel. If the program is running on Tomcat, then Tomcat settings may change the truststore. and many other ways. Is there a programmatic way by which I can find out the disk path of the

I need to use curtom root certificates on the company intranet and loading them in the Mac OS TrustStore (KeyChain) does solve the problem for all browsers and GUI apps. It seems that it works even with the version of curl that ships with Mac OS X but it doesn't work with python , even the version that ships with Mac OS 10.12 Sierra (Python 2.7.10) Still, it seems that I would be hit by: urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)> How can I solve this? Because I encounter this issue in lots and lots of Python tools I would really