Public bug reported:
Debian and Ubuntu provide a standard mechanism for adding a trusted SSL
certificate authority to the system, by configuring it in /etc/ca-
certificates.conf and running update-ca-certificates. That command
symlinks trusted CAs into /etc/ssl/certs and adds them to /etc/ssl/certs
/ca-certificates.crt.
I’m pretty sure this used to work with openjdk, but it no longer does.
Even though my local CA is correctly configured and other applications
can use it, Java applets on SSL pages fail to load with exceptions like
this:
I/O exception while reading:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
Perhaps this is related to LP #224455 (which looks bogus to me because
/etc/ssl is world-readable by default).
openjdk should either read trusted CAs from the standard location, or it
should hook update-ca-certificates to add trusted CAs to whatever
private keystore it actually uses (by dropping a hook script into /etc
/ca-certificates/update.d). Users of local CAs should not have to
configure them in a dozen different locations.
** Affects: openjdk-6 (Ubuntu)
Importance: Undecided
Status: New
--
openjdk doesn’t trust SSL certificates configured with update-ca-certificates
https://bugs.launchpad.net/bugs/240314
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
