![]() JAVA_VERSION="11" java SSLPoke google.ca 443 JAVA_VERSION="11" keytool -list -rfc -keystore /root/hll_jdk11_cacerts | grep hllĬp -p /root/hll_jdk11_cacerts /usr/local/openjdk11/lib/security/cacertsĪs far as I can determine, certificates issued by CA_HLL_ISSUER_2016 and CA_HLL_ROOT_2016 should now be recognized as trusted by java on this host. file /usr/local/etc/pki/tls/certs/CA_HLL_ISSUER_2016.crt \ file /usr/local/etc/pki/tls/certs/CA_HLL_ROOT_2016.crt \ ![]() I have manually added the private CA root and intermediate certificates to this store: cp -p /usr/local/openjdk11/lib/security/cacerts /usr/local/openjdk11/lib/security/cacerts.clnĬp -p /usr/local/openjdk11/lib/security/cacerts /root/hll_jdk11_cacerts This, I believe contains the trusted certificate list used by Java. The java cacerts fie is located in /usr/local/openjdk11/lib/security/cacerts. I have found and read multiple articles on how this is supposed to be done but my efforts are not able to accomplish what I need. I am unable to discover how a private CA root certificate and its intermediates are added to the java trusted certificates. I have a need to use a private CA and its certificates in a java application. In these cases one must ensure that the alias of the certificate java is looking for matches the alias it is actually using to find it. the keystore alias setting is extremely significant to certain java applications (for example: iDempiere in its Jetty provider ssl configuration (./jettyhome/etc/jetty-ssl-context.xml). Tl dr - get KeyStore Explorer ( ) and save yourself a world of trouble.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |