15 January 2013

How To List All Certificates in the JDK cacerts File

Lately I've been working on a project that requires the use of SSL and therefore certificates. While working though the necessary tasks, I became curious about the number of certificates that exist in the default truststore in the JDK for Mac OS X (it's named cacerts). Well using Java's keytool utility it's easy to take a peek at them. Here's how to list them:
$ echo 'changeit' | keytool -list -v -keystore $(find $JAVA_HOME -name cacerts) | grep 'Owner:'
Enter keystore password:  Owner: CN=TWCA Root Certification Authority, OU=Root CA, O=TAIWAN-CA, C=TW
Owner: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Owner: CN=NetLock Uzleti (Class B) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU
Owner: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Owner: CN=Wells Fargo Root Certificate Authority, OU=Wells Fargo Certification Authority, O=Wells Fargo, C=US
Owner: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU
Owner: CN=Global Chambersign Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU
Owner: OU=RSA Security 2048 V3, O=RSA Security Inc
This results in a tremendous amount of output hence the grep to list just the owner. According to this method of listing the certs in the default truststore, there are 183. I just glanced through the list and they seem to come from CAs all over the world. I wonder how it was determined which certs to place in the default truststore?


  1. Have you found anything out since this post? I've been dealing with some strange cross platform malware that cannot be detected easily by any is or any av system and as far as Micro$oft goes for windows, they'll only say that windows is corrupt and needs to be reinstalled, even on their arm based surface rt. I've found vbs,INI,json, java and qt4 files in one folder that have similar instructions. I think somehow, some way, the certs allow this to be installed. Perhaps a given app or visit to the wrong site at the wrong time downloads the cert then that opens up the system to remote servers to push the malware or pua/pup to the device. I first noticed this march 2014 when an ad for an app called mobogenie popped up on android. Upon dismissing it, no download icon appeared no install notification appeared but the following day, mobogenie was installed. The developers even acknowledged it in the play store release notes apologizing to the users last April or may. It likely propagated itself to my PC on USB connection then from there to my flash drives including ones I'd use for live boot Linux distros. Whatever this is consistently on all platforms begins to change file access permissions and user privileges and only upon manual attempts to disable or remove will it begin to really activate. It's strange, because in windows it takes over the trusted installer account and sets up numerous variations of services or programs in system32 folder and seems to monitor user actions and do long as you don't mess with it, it won't need with you. As soon as you do, it acts like a slow cryptolocker ransom ware without ever showing a random note, slowly moving menu tees, renaming file to random strings and random extensions. Netstat shows thousands of foreign ip's and even if I flash the bios, memory and wipe the hdd, as soon as I'm back online it somehow starts back up all over again. Even installing a new router of different brand didn't help. I've traced IP addresses found in logs on the phone, PC,rt,and router and they all end in hong Kong or shenizen China. What's going on? Jan 2015 and still no answer.

  2. It also affected my iPod touch that wasn't jb but I don't recall if I had any screenshots it files as I just flashed and sold it but in the massive archive of photos and logs I have they're may be some