https / TLS / SSL certificates provided by the Operating System, instead of those included in Azul Zulu or Azul Zing rpm/deb/tar packages, can be used as follows:
macOS
This is fully implemented in Java 25 and newer:
to use the root certificates from the OS:
-Djavax.net.ssl.trustStoreType=KeychainStore-ROOTto read only private keys and private certificates from the OS:
-Djavax.net.ssl.trustStoreType=KeychainStore
Windows
Available with Java 11 and newer:
to use the root certificates from the OS:
-Djavax.net.ssl.trustStoreType=Windows-ROOTto read only private keys and private certificates from the OS:
-Djavax.net.ssl.trustStoreType=Windows-MY
Linux
On Linux distributions which provide certificates below /etc/pki and /etc/ssl or similar paths, those can be used by Java as long the operating system generates cacerts files. For example on Ubuntu this file is managed by the script /etc/ca-certificates/update.d/jks-keystore from package ca-certificates-java. To use those certificates provided by Linux on Java 8 or newer:
on DEB-based Linux:
-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacertson RPM-based Linux:
-Djavax.net.ssl.trustStore=/etc/pki/java/cacerts
Verbose Logging
To verify from which locations certificates are loaded for debug purposed, add -Djavax.net.debug=ssl:trustmanager to the java command line. Example output:
javax.net.ssl|DEBUG|...|TrustStoreManager.java|trustStore is: /etc/pki/java/cacerts
Add Comment
Comments
Please sign in to leave a comment.