Using https / TLS / SSL certificates provided by the Operating System

In case you need to use https / TLS / SSL certificates provided by the Operating System, instead of those included in Azul Zulu or Azul Zing rpm/deb/tar packages, use the -Djavax.net.ssl.trustStore java command line parameter to point to the cacerts file containing the certificates provided by the Operating System.

  • on RHEL / CentOS add -Djavax.net.ssl.trustStore=/etc/pki/java/cacerts
  • on Ubuntu / Debian add -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts 

This will also solve the following error seen when custom certificates have been added to the system outside of the Azul Zulu or Azul Zulu Prime package:

sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target

To verify which cacerts file is actually loaded, add -Djavax.net.debug=ssl:trustmanager to see it as follows:

javax.net.ssl|DEBUG|...|TrustStoreManager.java|trustStore is: /etc/pki/java/cacerts

 

Add Comment

Comments

0 comments

Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful