Skip to content


Repository files navigation


Maven Central Maven Central (snapshot) Codecov Java Version


JVM Platform Status
OpenJDK (Temurin) Current Linux Build (OpenJDK (Temurin) Current, Linux)
OpenJDK (Temurin) LTS Linux Build (OpenJDK (Temurin) LTS, Linux)
OpenJDK (Temurin) Current Windows Build (OpenJDK (Temurin) Current, Windows)
OpenJDK (Temurin) LTS Windows Build (OpenJDK (Temurin) LTS, Windows)


The canonmill package provides a Keystore implementation designed to be less painful from an operational perspective than any of the Keystore implementations currently included in the standard JDK.


  • Exposes a simple directory-based keystore with a single XML file that maps certificate aliases to files. Keys and certificates are expected to be PEM-encoded regular files.
  • Implicit compatibility with ACME systems; ACME clients can simply copy certificate files into the directory and, as long as the certificates have an entry in the XML index file, the new certificates will become available as soon as the Keystore is reloaded.
  • A small, easily auditable codebase with use of modularity for correctness.
  • An extensive automated test suite with high coverage.
  • Platform independence. No platform-dependent code is included in any form.
  • OSGi-ready.
  • JPMS-ready.
  • ISC license.


See the documentation.