Changeset 55bcdd7 for general/prog/ojdk-conf.xml
- Timestamp:
- 03/15/2018 05:42:49 PM (6 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- ce005d8d
- Parents:
- 0dc1b7b
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
general/prog/ojdk-conf.xml
r0dc1b7b r55bcdd7 15 15 16 16 <title>Configuring the JAVA environment</title> 17 18 <sect2 id="java-profile"> 19 <title>Setting up the environment</title> 17 20 18 21 <para> … … 75 78 mandb -c /opt/jdk/man</userinput></screen> 76 79 80 </sect2> 81 82 <sect2 id="ojdk-certs" xreflabel="installing the JVM Certificate Authority Certificates"> 83 84 <title>Setting up the Certificate Authority Certificates for Java</title> 85 77 86 <para> 78 The installation of the JRE certificate authority bundle 79 is described in the <xref linkend="ojdk-certs"/> section. 87 <application>OpenJDK</application> uses its own format for the 88 CA certificates. The Java security modules use 89 <envar>$JAVA_HOME</envar><filename>/lib/security/cacerts</filename> by 90 default. In order to keep all the certificates in one place, we use 91 <filename>/etc/ssl/java/cacerts.jks</filename>. That file should be 92 generated using the system PKI trust store. The instructions 93 on the <xref linkend="make-ca"/> page should be used to update the file 94 located in <filename class="directory">/etc/ssl/java</filename>. 95 Run the conversion and setup a symlink in the default location as the 96 <systemitem class="username">root</systemitem> user: 80 97 </para> 81 98 99 <screen role="root"><userinput>/usr/sbin/make-ca -g --force && 100 ln -sfv /etc/ssl/java/cacerts.jks /opt/jdk/lib/security/cacerts</userinput></screen> 101 102 <para> 103 Use the following commands to check if the <filename>cacerts</filename> 104 file has been successfully installed: 105 </para> 106 107 <screen role="root"><userinput>cd /opt/jdk 108 bin/keytool -list -cacerts</userinput></screen> 109 110 <para> 111 At the prompt <computeroutput>Enter keystore password:</computeroutput>, 112 enter <userinput>changeit</userinput> (the default) or just press the 113 <quote>Enter</quote> key. If the <filename>cacerts</filename> file was 114 installed correctly, you will see a list of the certificates with 115 related information for each one. If not, you need to reinstall them. 116 </para> 117 118 <para> 119 If you later install a new JVM, you just have to create the symlink in 120 the default location to be able to use the cacerts. 121 </para> 122 123 </sect2> 124 82 125 </sect1>
Note:
See TracChangeset
for help on using the changeset viewer.