It looks like you are calling a web service where the HTTP connection is secure with TLS / SSL using X509 certificates. This means that the server has installed a keystore with these certificates, as well as the corresponding private keys. When you call the web service, the server retrieves the certificate used to establish trust (that is, to protect the TLS connection to the web service) from its keystore and sends it to the client. When a client receives a response from the server, it checks for trust in this certificate. Now we have two scenarios:
( , ), , . , Java, ( ) : $JAVA_HOME/lib/security/jssecacerts $JAVA_HOME/lib/security/cacerts. -Djavax.net.ssl.trustStore -Djavax.net.ssl.trustStorePassword TrustManager. , , . , . , X509TrustManager, .
, CA, , CA Java . , TLS .
, , ( , - HTTPS ).
, , . - , .
keystore vs truststore.
Java JKS.
, , .p7b, -. :
PKCS # 7/P7B
PKCS # 7 P7B Base64 ASCII .p7b .p7c. P7B "----- BEGIN PKCS7 -----" "----- END PKCS7 -----". P7B , . P7B, Microsoft Windows Java Tomcat.
, P7B ( ).
, . . ( P7B) , . P7B CER:
keytool -import -trustcacerts -alias web_service -keystore my_truststore.jks -file web_service.p7b
, CER, P7B CER, ( ):
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
, -Djavax.net.ssl.keyStore -Djavax.net.ssl.keyStorePassword KeyManager. , , .