Maintainability, Stability and Effectiveness

Java update = keystore reset

Wed, 2013-06-19 11:58 -- mig

Every time a Java update happens (hopefully not just for a security fix), the Java keystore somehow forgets the CAcert root certificates. This little snippet, called insert_cacert.sh, downloads the missing certificates and adds them to the active Java security keystore ;-)

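#!/bin/bash
# Download the CAcert class 1 (root) and class 3 certificates
curl http://www.cacert.org/certs/root.crt -o ~/cacert_class1.crt
curl http://www.cacert.org/certs/class3.crt -o ~/cacert_class3.crt

# Java keystore holding the trusted CA certificates; adjust the path for your system
KEYSTORE="$JAVA_HOME/jre/lib/security/cacerts"
# "yes" answers keytool's confirmation prompt for the root certificate
echo yes | keytool -keystore "$KEYSTORE" -storepass changeit -import -trustcacerts -v -alias cacertclass1 -file ~/cacert_class1.crt
keytool -keystore "$KEYSTORE" -storepass changeit -import -trustcacerts -v -alias cacertclass3 -file ~/cacert_class3.crt

# Remove the downloaded files
rm ~/cacert_class1.crt ~/cacert_class3.crt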

The script depends on a correct KEYSTORE variable. The path has to be adjusted to the Unix flavor of your system. The above example works for my Gentoo Linux. On OS X the keystore is located at /Library/Java/Home/lib/security/cacerts
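
The script above fetches the root certificates over plain HTTP and imports them without checking what was downloaded, so the trust store accepts whatever the network delivers. The following variant is an added example, not part of the original post: it compares each download's SHA-256 fingerprint with a pinned value before importing. The PIN_* values are placeholders to be replaced with fingerprints verified out of band, and the function names are assumptions of this example.

```bash
#!/bin/bash
# Added example: pin the CAcert roots before trusting them.
# PLACEHOLDER pins: replace with SHA-256 fingerprints verified out of band.
PIN_CLASS1="REPLACE_WITH_VERIFIED_SHA256_FINGERPRINT"
PIN_CLASS3="REPLACE_WITH_VERIFIED_SHA256_FINGERPRINT"
KEYSTORE="${KEYSTORE:-${JAVA_HOME:-}/jre/lib/security/cacerts}"

# Reduce "SHA256 Fingerprint=AB:CD:..." (any case or spacing) to bare lowercase hex.
normalize_fp() {
    printf '%s' "${1##*=}" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Succeed only if the pin is a full 64-digit hex value and equals the fingerprint.
# An unfilled placeholder or a truncated pin therefore always fails (fail closed).
fp_matches() {
    local got want
    got=$(normalize_fp "$1")
    want=$(normalize_fp "$2")
    case "$want" in *[!0-9a-f]*) return 1 ;; esac
    [ "${#want}" -eq 64 ] && [ "$got" = "$want" ]
}

# Download one certificate, check it against its pin, then import it.
import_pinned() {   # usage: import_pinned <url> <alias> <pin>
    local url="$1" cert_alias="$2" pin="$3" tmp fp rc=1
    tmp=$(mktemp) || return 1
    if curl -fsS "$url" -o "$tmp" &&
       fp=$(openssl x509 -in "$tmp" -noout -fingerprint -sha256) &&
       fp_matches "$fp" "$pin"; then
        keytool -keystore "$KEYSTORE" -storepass changeit -importcert \
            -trustcacerts -noprompt -alias "$cert_alias" -file "$tmp"
        rc=$?
    else
        echo "refusing to import $cert_alias: download failed or fingerprint mismatch" >&2
    fi
    rm -f "$tmp"
    return "$rc"
}

# Only touch the keystore when explicitly asked to: ./insert_cacert.sh --run
if [ "${1:-}" = "--run" ]; then
    import_pinned http://www.cacert.org/certs/root.crt   cacertclass1 "$PIN_CLASS1" &&
    import_pinned http://www.cacert.org/certs/class3.crt cacertclass3 "$PIN_CLASS3"
fi
```

Because -noprompt suppresses keytool's confirmation, the fingerprint comparison is the only check standing between the download and the trust store, so the pins must come from a source other than the same HTTP connection.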