TrustedCerts.class is also a keyring that only contains the public certificate server's signer, also known as the trusted root certificate. TrustedCerts.class is automatically created by DIIOP, using the server's or Internet site key ring(s), when DIIOP is configured to listen on the SSL port. It is typically found under the domino\java directory.
The server will accept DIIOP SSL sessions from a remote Java client to encrypt the network traffic. DIIOP SSL currently does not support authentication with client certificates. When the Java client and the Domino server share a trusted root, they can establish an encrypted network session..
The notes.ini setting DIIOP_DUP_KEYRING=classname creates a Java class file that contains the same certificates that are in the TrustedCerts.class, but the class name can be user specified.
The class name can be used as a parameter to the methods, below, by including -ORBSSLCertificates=classname in the string array argument.
static public String getIOR(String host, String args[])
static public String getIOR(String host, String args[], String user, String passwd)