update-java-ca-certificates's Introduction

update-java-ca-certificates

This small utility creates a system-wide Java trust store from your Linux CA trust store.

Run this command after update-ca-certificates (8), so that the Java keystore stays in sync with the system trust store.

The issue this tool addresses is already solved by Arch Linux's update-ca-trust (8). Sadly, not all Linux distributions have solved it (yet), so this tool helps tidy up the mess that's currently out there in terms of paths and ca-certificates location.

Usage

Usage: update-java-ca-certificates [--debug] [--force] [--certificate-bundle CERTIFICATE-BUNDLE] [--password PASSWORD] FILE

Positional arguments:
  FILE

Options:
  --debug, -D
  --force, -f
  --certificate-bundle CERTIFICATE-BUNDLE, -c CERTIFICATE-BUNDLE [default: /etc/ssl/certs/ca-certificates.crt]
  --password PASSWORD, -p PASSWORD [default: changeit]
  --help, -h             display this help and exit

Example

update-java-ca-certificates -c /etc/ssl/certs/ca-certificates.crt /etc/ssl/java/cacerts

Result

keytool -list -keystore /etc/ssl/java/cacerts -storepass changeit

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 137 entries

02ed0eb28c14da45165c566791700d6451d7fb56f0b2ab1d3b8eb070e56edff5, 6 Jan 2022, trustedCertEntry, 
Certificate fingerprint (SHA-256): 02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5
(...)

Building

Requirements

  • Golang (1.19+)
  • Make

Steps

make
./bin/update-java-ca-certificates -h

Paths

This tool assumes the directories are set up according to what update-ca-trust (8) uses.

/etc/ssl/certs

This directory should contain the individual CA certificates trusted for TLS authentication. Each certificate must be PEM-encoded (the BEGIN CERTIFICATE / END CERTIFICATE format).

If you are able to parse the certificate with:

openssl x509 -in /etc/ssl/certs/your-certificate.pem  -noout -text

then you're good.

/etc/ssl/ca-certificates.crt

This file contains a bundle that is updated by update-ca-trust / update-ca-certificates.

/etc/ssl/java/cacerts

This file contains the trust anchors for Java, stored in the Java Key Store (JKS) format.

update-java-ca-certificates's People

Contributors

christianciach, gilesw

update-java-ca-certificates's Issues

Corrupted cacerts created

I ran the update script on the Ubuntu ca-certificates.crt and got an error when trying to parse the final cacerts it created:

minijks_v1.0.0 inspect 

unexpected certificate type at position 16; found "X509", expected "X.509"
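
An added example, not part of the project's code or of the issue report: a minimal Go walk over the JKS layout that flags any entry whose certificate type string is not "X.509", which is the condition the error message above describes. `CheckJKS` and `sampleJKS` are hypothetical names, the sample store is constructed with placeholder certificate bytes, and the trailing integrity digest is skipped rather than verified.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// CheckJKS walks a version-2 JKS trust store and returns its aliases. It fails on any
// entry that is not a trustedCertEntry of type "X.509"; the trailing digest is not verified.
func CheckJKS(data []byte) (aliases []string, err error) {
	if len(data) < 32 || binary.BigEndian.Uint64(data) != 0xFEEDFEED00000002 {
		return nil, fmt.Errorf("not a version-2 JKS file")
	}
	body, pos, bad := data[:len(data)-20], 8, false
	next := func(n int) []byte { // bounds-checked read; sets bad on overrun
		if bad = bad || n < 0 || n > len(body)-pos; bad {
			return make([]byte, 8)
		}
		pos += n
		return body[pos-n : pos]
	}
	u32 := func() int { return int(binary.BigEndian.Uint32(next(4))) }
	str := func() string { return string(next(int(binary.BigEndian.Uint16(next(2))))) }
	for i, count := 0, u32(); i < count && !bad; i++ {
		tag, alias := u32(), str()
		next(8) // creation time, milliseconds since the epoch
		if typ := str(); bad || tag != 2 || typ != "X.509" {
			return nil, fmt.Errorf("entry %d (%q): tag %d, certificate type %q", i, alias, tag, typ)
		}
		next(u32()) // DER-encoded certificate, not parsed here
		aliases = append(aliases, alias)
	}
	if bad || pos != len(body) {
		return nil, fmt.Errorf("truncated store or trailing data")
	}
	return aliases, nil
}

// sampleJKS builds a constructed one-entry store (placeholder DER, zero digest).
func sampleJKS(alias, certType string, der []byte) []byte {
	var b bytes.Buffer
	for _, v := range []any{uint64(0xFEEDFEED00000002), []uint32{1, 2}, uint16(len(alias)), []byte(alias),
		uint64(0), uint16(len(certType)), []byte(certType), uint32(len(der)), der, [20]byte{}} {
		binary.Write(&b, binary.BigEndian, v)
	}
	return b.Bytes()
}

func main() { fmt.Println(CheckJKS(sampleJKS("demo", "X509", []byte{0x30}))) }
```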
