|
How to add a certificate authority (CA) certificate to the OpenJDK cacerts
OpenJDK on CentOS 5 stores it's root CA's in the file '/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/security/cacerts'. With the alternatives support it has a few aliases e.g. '/usr/lib/jvm/jre-openjdk/lib/security/cacerts'. The 'cacerts' java keystore has a passphrase of 'changeit'. Convert
The public key certificates need to be in DER format (not PEM). Use openssl to convert the ca certificate if necessary: $ openssl x509 -in my-ca.crt -inform pem -out my-ca.der -outform der Display Information
The DER enocoded certificate can be displayed: $ keytool -v -printcert -file my-ca.der The cacerts keystore can be dumped to verify if a public key certificate is present (the passphrase is 'changeit'): $ keytool -v -list -keystore \ /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/security/cacerts Import the certificate
# keytool -importcert -alias local-CA \ -keystore /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/security/cacerts \ -file my-ca.der The password for the cacerts keystore is 'changeit'. Links
Document Actions |