OpenJDK build creates an empty certificate keystore
OpenJDK 1.7 build creates an empty trusted certificate authority keystore. It results in such cryptic errors as:
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
I encountered such issue trying to start Logstash 1.5 on Alpine Linux.
Here, I am checking the keystore for Alpine Linux:
bash-4.3# cat /etc/issue
Welcome to Alpine Linux 3.1
bash-4.3# keytool -list -keystore
/usr/lib/jvm/java-1.7-openjdk/jre/lib/security/cacerts -storepass
changeit
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 0 entries
Just to compare, I am checking the keystore for Ubuntu Linux:
root@b1c19f12ce4a:/# cat /etc/issue
Ubuntu 14.04.2 LTS
root@b1c19f12ce4a:/# keytool -list -keystore
/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/cacerts -storepass
changeit
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 173 entries
Is that reasonable to supply Alpine with some pre-installed
certificates?
Thank you.
(from redmine: issue id 4128, created on 2015-04-28, closed on 2016-03-18)
- Changesets:
- Revision 94969c8a by Natanael Copa on 2016-01-14T13:42:23Z:
community/openjdk8: fix cacerts
ref #4128
- Revision 24450670 by Natanael Copa on 2016-01-14T13:59:48Z:
community/openjdk8: fix cacerts
fixes #4128
(cherry picked from commit 94969c8a556eedeeafb78a33752ab6b6e6f7f892)