JAVA cacerts file

Issues related to applications and software problems
Post Reply
User avatar
warron.french
Posts: 291
Joined: 2014/03/27 20:21:58

JAVA cacerts file

Post by warron.french » 2018/10/29 23:30:34

Is the cacerts file created/generated/updated by the execution of

Code: Select all

update-ca-trust extract
Easily usable between Oracle JAVA and OpenJDK java?


Specifically, if I drop a ton of PEM files into /etc/pki/ca-trust/source/anchors directory, then execute

Code: Select all

update-ca-trust extract
I know that it will generate an updated cacerts file in the directory /etc/pki/ca-trust/extracted/java .

Can that file be copied into /usr/java/latest/lib/security, overwriting the cacerts file there, and still enable applications written explicitly with Oracle JAVA to execute and trust the code appropriately?

I would like to reduce my level of effort for maintaining 2 variants of JAVA (and no, we are not switching to openjdk; it is not an option), the Linux System Certificate Truststore, Citrix Receiver, the browsers of Firefox and Google Chrome.

I ran the command

Code: Select all

keytool -list -keystore cacerts  -storepass changeit
on both files and the results came back sane for both. I just don't want to introduce problems into a delicate system.


Last bumped by warron.french on 2018/10/29 23:30:34.
\\War

Post Reply