3

I'm using OpenJDK 8 (downloaded and unzipped from https://jdk.java.net/java-se-ri/8, added to PATH), and I'm running into certificate errors.

Upon investigation, I realized there is a problem with cacerts.

Running keytool -list -keystore cacerts returns an error: keytool error: java.lang.Exception: Keystore file does not exist: cacerts,

but running keytool -list -keystore "C:\development\exec\cmd\jdk8\jre\lib\security\cacerts"

gets me a list of actual certificates. JAVA_HOME does point to

C:\development\exec\cmd\jdk8 and PATH does have an entry %JAVA_HOME%\bin. How should I configure java to look in the right place for cacerts?

java -version returns the following:

openjdk version "1.8.0_40"
OpenJDK Runtime Environment (build 1.8.0_40-b25)
OpenJDK Client VM (build 25.40-b25, mixed mode)
Soumen Mukherjee
  • 2,953
  • 3
  • 22
  • 34
kjerins
  • 403
  • 1
  • 4
  • 19
  • Where is the *.cer file in the Keytool command. Please go with this url https://stackoverflow.com/questions/6340918/trust-store-vs-key-store-creating-with-keytool – Lova Chittumuri Oct 22 '19 at 07:12
  • @LovaChittumuri Unless I'm misunderstanding something, .cer files contain certificates one would import into the truststore, but that's not what I'm trying to do. My problem is the fact that Java doesn't see the truststore even though it's at the default location. – kjerins Oct 22 '19 at 07:35

1 Answers1

6

It looks like the question was based on an incorrect premise - there is no such thing as a default truststore location that keytool would look at, and it simply looks for the given file in the current directory.

I realized this after installing Oracle JDK 8 and repeating the previously described steps. I'd just never thought to run keytool from %JAVA_HOME%\jre\lib\security; I kept running it from the directory of a project whose build was failing due to repository connection errors. The actual problem I originally had was that the OpenJDK cacerts file was empty; I replaced it with cacerts taken from another JRE 8 installation, and never thought to retry the build after that.

kjerins
  • 403
  • 1
  • 4
  • 19
  • 1
    thank you my good man, i've been struggling for two days to fix this!! copying cacerts from another machine hadn't occured to me!! – sfranky Dec 22 '19 at 10:16