In case you need to use https / TLS / SSL certificates provided by the Operating System, instead of those included in Azul Zulu or Azul Zing rpm/deb/tar packages, use the -Djavax.net.ssl.trustStore java command line parameter to point to the cacerts file containing the certificates provided by the Operating System.
- on RHEL / CentOS add -Djavax.net.ssl.trustStore=/etc/pki/java/cacerts
- on Ubuntu / Debian add -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts
This will also solve the following error seen when custom certificates have been added to the system outside of the Azul Zulu or Azul Zulu Prime package:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
To verify which cacerts file is actually loaded, add -Djavax.net.debug=ssl:trustmanager to see it as follows:
javax.net.ssl|DEBUG|...|TrustStoreManager.java|trustStore is: /etc/pki/java/cacerts
Add Comment
Comments
Please sign in to leave a comment.