Anytime a Java-Update happens (hopefully not just a security-fix), anyhow the java-keystore
forgets the cacert root-certificates. This little snippet called insert_cacert.sh
downloads and adds the missing certificates into the active java-security-central ;-)
#!/bin/bash curl http://www.cacert.org/certs/root.crt -o ~/cacert_class1.crt curl http://www.cacert.org/certs/class3.crt -o ~/cacert_class3.crt KEYSTORE=$JAVA_HOME/jre/lib/security/cacerts echo "yes " | keytool -keystore $KEYSTORE -storepass changeit -import -trustcacerts -v -alias cacertclass1 -file ~/cacert_class1.crt keytool -keystore $KEYSTORE -storepass changeit -import -trustcacerts -v -alias cacertclass3 -file ~/cacert_class3.crt rm ~/cacert_class1.crt ~/cacert_class3.crt
It depends on a correct KEYSTORE
variable. The path has to be adjusted to the Unix-flavor of your system.
The above example works for my gentoo-Linux. In OS-X the keystore
is located in /Library/Java/Home/lib/security/cacerts