On 12/8/17 8:15 PM, Volker Simonis wrote:
OK, I've opened the RFR "JDK-8193255: Root Certificates should be
stored in text format and assembled at build time" for this issue.
I've also put some information about how the AdoptOpenJDK builds their
cacerts JKS file from the Mozilla certdata.txt data into the JBS
issue. I think we should do something similar in the OpenJDK at build
time.
Thank you!
By the way, how did you create the JKS file which will be contributed
to the OpenJDK. I suppose Oracle gets all the contained certificates
in a text format and assembles them internally into the binary cacerts
file. So you must already have some tooling for doing this (although I
understand that it may be not suitable for direct inclusion into the
OpenJDK because of copyright/licensing issues).
I used keytool to import certificates in to keystore. The certificate
itself can be in DER or PEM format. PEM is a base64 encoded so we can
use it while working on [1].
You can use keytool if needed to export certificate from keystore and
then convert to PEM format.
Thanks,
Rajan
Regards,
Volker
[1]https://bugs.openjdk.java.net/browse/JDK-8193255
