Home > front end >  Why are Java truststores identical across all installed JDK versions?
Why are Java truststores identical across all installed JDK versions?

Time:11-03

I was troubleshooting an SSLHandshakeException on my Apache Tomcat server when I noticed some very weird behaviors of the JDK truststore (<jdk-root>/lib/security/cacerts) on the server.

Across all the many JDKs installed on the server (multiple major and minor versions) wherever I look at a truststore under a specific installation it is completely identical to all the others.

Additionally if I import a new certificate using this command keytool -import -trustcacerts -alias <somealias> -file <somecertificate>.cer -keystore <jdk-root>/lib/security/cacerts -storepass <password> this newly imported certificate is immediately also included in all other truststores under different JDK installations. No restart of the JVM is necessary for the running tomcat applications to use this newly imported certificate either.

Both the automatic reload and shared truststore is in stark contrast to what I experience in my local dev environment, which is why I'm puzzled by this.

Can someone point me in the direction of what is going on here?

CodePudding user response:

Because "cacerts" is a symbolic link on your server. Check it with ls -la <jdk-root>/lib/security/

Page link:https//www.codepudding.com/frontend/176263.html

Prev:Using scale_x_continuous in ggplot with x and y axis labels
Next:.war on tomcat on docker, 404 on servlet
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding