Public bug reported:

The fix for Debian #894979 and Ubuntu bug #1739631 which updated 
ca-certificates-java to generate
JKS keystores by default - instead OpenJDK's 9+ default of PKCS12 - only fixes 
new installs.

Any user already affected by that issue won't benefit from the fix, as the file 
/etc/ssl/certs/java/cacerts is at most updated by the jks-keystore hook. The 
only way to actually change it from the PKCS12 to the JKS format is to remove 
the cacerts file and then calling
'update-ca-certificates -f' - which is also accomplished by removing and then 
reinstalling the ca-certificates-java package.

** Affects: ca-certificates-java (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: ca-certificates-java (Debian)
     Importance: Unknown
         Status: Unknown


** Tags: bionic cosmic patch

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to ca-certificates-java in Ubuntu.
https://bugs.launchpad.net/bugs/1771363

Title:
  ca-certificates-java: convert PKCS12 cacerts keystore to JKS

Status in ca-certificates-java package in Ubuntu:
  New
Status in ca-certificates-java package in Debian:
  Unknown

Bug description:
  The fix for Debian #894979 and Ubuntu bug #1739631 which updated 
ca-certificates-java to generate
  JKS keystores by default - instead OpenJDK's 9+ default of PKCS12 - only 
fixes new installs.

  Any user already affected by that issue won't benefit from the fix, as the 
file /etc/ssl/certs/java/cacerts is at most updated by the jks-keystore hook. 
The only way to actually change it from the PKCS12 to the JKS format is to 
remove the cacerts file and then calling
  'update-ca-certificates -f' - which is also accomplished by removing and then 
reinstalling the ca-certificates-java package.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1771363/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~openjdk
Post to     : openjdk@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openjdk
More help   : https://help.launchpad.net/ListHelp

Reply via email to