[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: lang/openjdk11 certificates
Jonathan Perkin <jperkin%joyent.com@localhost> writes:
> * On 2021-01-26 at 13:55 GMT, Ryo ONODERA wrote:
>> David Brownlee <abs%absd.org@localhost> writes:
>> > On Sun, 24 Jan 2021 at 00:34, Robert Swindells <rjs%fdy2.co.uk@localhost> wrote:
>> >> Is anyone able to use lang/openjdk11 to do any https connections ?
>> >> Trying to use maven with it results in an error that trustAnchors are
>> >> empty.
>> >> Using lang/openjdk8 does work.
>> > I think that while both openjdk8 and openjdk11 build a default set of
>> > certificates, only openjdk8 installs them (running up a test to try to
>> > add them to the openjdk11 package this end to see if it affects the
>> > behaviour)
>> I think cecerts file is installed as java/openjdk11/lib/security/cecrts,
>> however it is not used properly.
>> cecerts's password is "changeit" and it is as same as jdk's default
>> password, and the password should be used automatically.
>> If you specify the password explicitly, SSL/TLS error will disappear
>> $ openjdk11-java -Djavax.net.ssl.trustStorePassword=changeit -jar josm-tested.jar
>> I do not find any clue to fix this problem yet.
> The options used in our (Joyent) openjdk11 build are slightly
> You could try those, notably this fix:
As you suggest, using jks type cacerts will work.
I think that keystore.type=pkcs12 in
should be converted to keystore.type=jsk too.
I cannot find any patch to change keystore.type in
This kind of patch is not required?
Anyway I will try to add "-storetype jsk".
> Jonathan Perkin - Joyent, Inc. - www.joyent.com
Ryo ONODERA // ryo%tetera.org@localhost
PGP fingerprint = 82A2 DC91 76E0 A10A 8ABB FD1B F404 27FA C7D1 15F3
Main Index |
Thread Index |