[SOLVED] - JAVA cacerts file

Issues related to applications and software problems
Post Reply
User avatar
warron.french
Posts: 616
Joined: 2014/03/27 20:21:58

[SOLVED] - JAVA cacerts file

Post by warron.french » 2018/10/29 23:30:34

Is the cacerts file created/generated/updated by the execution of

Code: Select all

update-ca-trust extract
Easily usable between Oracle JAVA and OpenJDK java?


Specifically, if I drop a ton of PEM files into /etc/pki/ca-trust/source/anchors directory, then execute

Code: Select all

update-ca-trust extract
I know that it will generate an updated cacerts file in the directory /etc/pki/ca-trust/extracted/java .

Can that file be copied into /usr/java/latest/lib/security, overwriting the cacerts file there, and still enable applications written explicitly with Oracle JAVA to execute and trust the code appropriately?

I would like to reduce my level of effort for maintaining 2 variants of JAVA (and no, we are not switching to openjdk; it is not an option), the Linux System Certificate Truststore, Citrix Receiver, the browsers of Firefox and Google Chrome.

I ran the command

Code: Select all

keytool -list -keystore cacerts  -storepass changeit
on both files and the results came back sane for both. I just don't want to introduce problems into a delicate system.
Last edited by warron.french on 2019/03/20 16:08:41, edited 1 time in total.
Thanks,
War

User avatar
warron.french
Posts: 616
Joined: 2014/03/27 20:21:58

Re: JAVA cacerts file

Post by warron.french » 2019/03/20 16:08:27

Replying to my own thread.

Yes, and the exact same cacerts file while work for OpenJDK JAVA8 as it does for Oracle JAVA8; for the sake of added clarity.
Thanks,
War

Post Reply