On Sun, Feb 22, 2009 at 6:35 AM, Randy McMurchy <[email protected]> wrote: > DJ Lucas wrote these words on 02/22/09 00:00 CST: >> Following on from a discussion on the distro package dev list, we will >> require a distro specific root CA certs file for OpenJDK/IcedTea when it >> reaches a point that I deem 'stable' (see "OT" below sig). > > Could you explain what a "distro specific root CA certs file" is? > > >> Comments, corrections, suggestions, other >> explanations? > > I'm lost. Perhaps you could explain *why* we need these, and what do > they do, before deciding how to go about it.
Java wants a file containing the certificates of trusted root certificate authorities (CAs) for SSL/TLS. Amongst other things, this list of root CAs is how your browser decides whether to trust a https site or not. Two of them commonly exist on a BLFS system. The ones from openssl in /etc/ssl/certs and the ones from mozilla built into NSS. In fedora, they've extracted the NSS certificates using the script DJ pointed to. Debian has a package which collects the mozilla certs as well as some others. He's proposing to use one or the other as the canonical BLFS root CA repository (which will in turn be used by jdk). -- Dan -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
