Changeset 55bcdd7 for general/prog/ojdk-conf.xml

Timestamp:

03/15/2018 05:42:49 PM (6 years ago)

Author:

Pierre Labastie <pieere@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

ce005d8d

Parents:

0dc1b7b

Message:

Move the instructions to install the JAVA CA certificates to "Configuring the
JAVA environment" and host jtreg on anduin.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@19953 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• general/prog/ojdk-conf.xml (modified) (2 diffs)

general/prog/ojdk-conf.xml

@@ -15 +15 @@
 
   <title>Configuring the JAVA environment</title>
+
+  <sect2 id="java-profile">
+    <title>Setting up the environment</title>
 
     <para>
@@ -75 +78 @@
 mandb -c /opt/jdk/man</userinput></screen>
 
+  </sect2>
+
+  <sect2 id="ojdk-certs" xreflabel="installing the JVM Certificate Authority Certificates">
+
+    <title>Setting up the Certificate Authority Certificates for Java</title>
+
     <para>
-      The installation of the JRE certificate authority bundle
-      is described in the <xref linkend="ojdk-certs"/> section.
+      <application>OpenJDK</application> uses its own format for the
+      CA certificates. The Java security modules use
+      <envar>$JAVA_HOME</envar><filename>/lib/security/cacerts</filename> by
+      default. In order to keep all the certificates in one place, we use
+      <filename>/etc/ssl/java/cacerts.jks</filename>. That file should be
+      generated using the system PKI trust store. The instructions
+      on the <xref linkend="make-ca"/> page should be used to update the file
+      located in <filename class="directory">/etc/ssl/java</filename>.
+      Run the conversion and setup a symlink in the default location as the
+      <systemitem class="username">root</systemitem> user:
     </para>
 
+<screen role="root"><userinput>/usr/sbin/make-ca -g --force &amp;&amp;
+ln -sfv /etc/ssl/java/cacerts.jks /opt/jdk/lib/security/cacerts</userinput></screen>
+
+    <para>
+      Use the following commands to check if the <filename>cacerts</filename>
+      file has been successfully installed:
+    </para>
+
+<screen role="root"><userinput>cd /opt/jdk
+bin/keytool -list -cacerts</userinput></screen>
+
+    <para>
+      At the prompt <computeroutput>Enter keystore password:</computeroutput>,
+      enter <userinput>changeit</userinput> (the default) or just press the
+      <quote>Enter</quote> key. If the <filename>cacerts</filename> file was
+      installed correctly, you will see a list of the certificates with
+      related information for each one. If not, you need to reinstall them.
+    </para>
+
+    <para>
+      If you later install a new JVM, you just have to create the symlink in
+      the default location to be able to use the cacerts.
+    </para>
+
+  </sect2>
+
 </sect1>