In the java.security file, you can specify the keystore.type value. However, that looks like it changes the default keystore type for all JVM instances. I just want to change it for one instance.
Currently, it is set to "jks", but I need it to be "jceks". I tried -Djava.security.keystore.type=jceks but that doesn't seem to do what I want it to do.
What's the right way to do this?
-Dname=value sets a system property; the settings in java.security are security properties not system properties, and cannot be directly set on command line. You can create a supplementary (or replacement) file and specify that with a sysprop -Djava.security.properties=name_of_file_containing_keystore_setting as long as you (or anyone else) did not change the default setting of security.overridePropertiesFile=true in java.security. Similar: How can I disable TLSv1 without change source code?
Note that if you only need to change the type of the truststore and/or keystore used by JSSE for SSL/TLS/HTTPS/etc by default, those do use sysprops javax.net.ssl.{trust,key}StoreType (along with {trust,key}Store{,Password}).
Also you might want to be aware that Java9 up changes the as-installed default to PKCS12, which is both more secure and more portable/interoperable than JKS.
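
A check that the per-instance override described in the answer above actually took effect in the JVM you launched. This is an added example, not part of the original answer; the class name, the override file name jceks.security and the optional expected-type argument are assumptions.

```java
import java.security.KeyStore;
import java.security.Security;

// Constructed override file for this example, jceks.security, one line:
//     keystore.type=jceks
//
// Build and run for a single JVM instance:
//     javac KeystoreTypeCheck.java
//     java -Djava.security.properties=jceks.security KeystoreTypeCheck jceks
public class KeystoreTypeCheck {
    public static void main(String[] args) throws Exception {
        String expected = args.length > 0 ? args[0] : "jceks";

        // System property tried in the question; KeyStore.getDefaultType() does not consult it.
        String sysProp = System.getProperty("java.security.keystore.type");
        // Security property that KeyStore.getDefaultType() does consult.
        String secProp = Security.getProperty("keystore.type");
        // Must be "true" in the installed java.security for the extra file to be read.
        String overrideAllowed = Security.getProperty("security.overridePropertiesFile");
        String extraFile = System.getProperty("java.security.properties");

        System.out.println("sysprop  java.security.keystore.type = " + sysProp);
        System.out.println("secprop  keystore.type               = " + secProp);
        System.out.println("secprop  security.overridePropertiesFile = " + overrideAllowed);
        System.out.println("sysprop  java.security.properties    = " + extraFile);

        String effective = KeyStore.getDefaultType();
        System.out.println("KeyStore.getDefaultType()            = " + effective);

        // Instantiate an empty store of the default type to prove a provider supports it.
        KeyStore ks = KeyStore.getInstance(effective);
        ks.load(null, null);
        System.out.println("provider                             = " + ks.getProvider().getName());

        if (extraFile != null && !"true".equalsIgnoreCase(overrideAllowed)) {
            System.err.println("override file was given but security.overridePropertiesFile is not true");
        }
        if (!expected.equalsIgnoreCase(effective)) {
            System.err.println("default keystore type is " + effective + ", expected " + expected);
            System.exit(1);
        }
    }
}
```

Running it once with only -Djava.security.keystore.type=jceks and once with the override file shows the difference: the first leaves KeyStore.getDefaultType() at the installed default and exits 1, the second reports jceks.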