while importing a certificate with keytool , Why to use trustcacerts option

ssl

keytool -import -trustcacerts

I am confused with this trustcacerts option of keytool

when i googled on this i found out these points

1 .Depending on the situation you may not require the -trustcacerts option. Try the operation without it if you like.

The –trustcacerts argument tells keytool that you want to import this as a trusted certificate.

Use the cacerts file to obtain trusted certificates from certificate autorities that have signed the certificate that is being imported.

At last i found out that , this trustcacerts is optional , but i have got a below query also

generally any Developer/CEO of the website wants that their site to be belived by the Customers , then why do we need to expllicitly specify this with the keytool command ??

Thanks


When you import a certificate other than a self-signed root certificate (e.g. intermediate certificates), keytool tries to build and validate a proper certificate path first.

If you use the trustcacerts parameter, then for building the path, keytool will not only consider the certificates already contained in the trust store, but it will additionally consider the certificates contained in the cacerts key store (this file is located in the lib/security folder of your JRE installation). The certificates in cacerts are a kind of default trust list, the officially trusted root certificates (similar to the lists your browser trusts by default).

The option is not really necessary since you can always force the import for a certificate. It also makes no sense when importing a self-signed root certificate, because no certificate path can be built in this situation - you either trust a root or you don't.

But it may be a nice feature if you know that the imported certificate should be issued by one of the certificates contained in cacerts - keytool would warn you if it still could not build and validate an entire certificate path - which would most likely be a warning that something is not right with the certificate you tried to import.

Related

Is string concatenation in scala as costly as it is in Java?
What is the difference between std::quick_exit and std::abort and why was std::quick_exit needed?
Is the List<T>.ForEach() method gone?
RESTful Soft Delete
Given a linux username and a password how can I test if it is a valid account? [closed]
XMLHttpRequest Access Denied with AngularJS on any IE version below 10
return default if pandas dataframe.loc location doesn't exist
How do you call an instance of a class in Python?
Difference between block (Objective-C) and closure (Swift) in iOS
Calling a static method by repeating the object name?
How to remove every occurrence of sub-list from list
Regular expression to skip character in capture group