Re: lang/openjdk11 certificates

To: David Brownlee <abs%absd.org@localhost>, Robert Swindells <rjs%fdy2.co.uk@localhost>
Subject: Re: lang/openjdk11 certificates
From: Ryo ONODERA <ryo%tetera.org@localhost>
Date: Tue, 26 Jan 2021 22:55:05 +0900

Hi,

David Brownlee <abs%absd.org@localhost> writes:

> On Sun, 24 Jan 2021 at 00:34, Robert Swindells <rjs%fdy2.co.uk@localhost> wrote:
>>
>> Is anyone able to use lang/openjdk11 to do any https connections ?
>>
>> Trying to use maven with it results in an error that trustAnchors are
>> empty.
>>
>> Using lang/openjdk8 does work.
>
> I think that while both openjdk8 and openjdk11 build a default set of
> certificates, only openjdk8 installs them (running up a test to try to
> add them to the openjdk11 package this end to see if it affects the
> behaviour)

I think cecerts file is installed as java/openjdk11/lib/security/cecrts,
however it is not used properly.

cecerts's password is "changeit" and it is as same as jdk's default
password, and the password should be used automatically.

If you specify the password explicitly, SSL/TLS error will disappear
like:

$ openjdk11-java -Djavax.net.ssl.trustStorePassword=changeit -jar josm-tested.jar

I do not find any clue to fix this problem yet.

> David

-- 
Ryo ONODERA // ryo%tetera.org@localhost
PGP fingerprint = 82A2 DC91 76E0 A10A 8ABB  FD1B F404 27FA C7D1 15F3

Follow-Ups:
- Re: lang/openjdk11 certificates
  - From: Jonathan Perkin

References:
- lang/openjdk11 certificates
  - From: Robert Swindells
- Re: lang/openjdk11 certificates
  - From: David Brownlee

Prev by Date: Re: Build problems in graphviz and xentools413
Next by Date: Re: lang/openjdk11 certificates
Previous by Thread: Re: lang/openjdk11 certificates
Next by Thread: Re: lang/openjdk11 certificates
Indexes:

Home | Main Index | Thread Index | Old Index