This bug was fixed in the package ca-certificates-java -
20180516ubuntu1~18.04.1
---
ca-certificates-java (20180516ubuntu1~18.04.1) bionic; urgency=medium
* Backport from Cosmic. (LP: #1770553)
ca-certificates-java (20180516ubuntu1) cosmic; urgency=low
* Merge from Debian
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1739631
Title:
Fresh install with JDK 9 can't use the generated PKCS12 cacerts
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1739631
Title:
Fresh install with JDK 9 can't use the generated
Tested the proposed fix version 20180516ubuntu1~18.04.1 in a Docker
container, and it DID fix the issue, both as an upgrade to a previously
installed package version 20170930ubuntu1, and as a first install.
Verification steps: Ran the TestHttps program from
Hello Antti, or anyone else affected,
Accepted ca-certificates-java into bionic-proposed. The package will
build now and be available at https://launchpad.net/ubuntu/+source/ca-
certificates-java/20180516ubuntu1~18.04.1 in a few hours, and then in
the -proposed repository.
Please help us by
** Description changed:
[Impact]
Any user doing a new install can be affected as soon as they install any
openjdk-11 package.
[Cause]
The ca-certificate-java version 20170930 (or earlier) used OpenJDK's default
keystore to create /etc/ssl/certs/java/cacerts - if the file already
** Description changed:
- I ran into a problem after doing approximately the following on an
- install of Ubuntu 17.10:
+ [Impact]
+ Any user doing a new install can be affected as soon as they install any
openjdk-11 package.
+
+ [Cause]
+ The ca-certificate-java version 20170930 (or earlier)
** Changed in: ca-certificates-java (Ubuntu Bionic)
Status: Triaged => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1739631
Title:
Fresh install with JDK 9 can't use the generated
** Changed in: ca-certificates-java (Ubuntu Bionic)
Assignee: (unassigned) => Tiago Stürmer Daitx (tdaitx)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1739631
Title:
Fresh install with JDK 9
** Changed in: ca-certificates-java (Ubuntu Bionic)
Milestone: None => ubuntu-18.04.1
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1739631
Title:
Fresh install with JDK 9 can't use the
** Changed in: ca-certificates-java (Debian)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1739631
Title:
Fresh install with JDK 9 can't use the generated PKCS12
** Also affects: ca-certificates-java (Ubuntu Bionic)
Importance: Undecided
Status: New
** Changed in: ca-certificates-java (Ubuntu Bionic)
Importance: Undecided => High
** Changed in: ca-certificates-java (Ubuntu)
Importance: Undecided => High
** Changed in:
** Changed in: ca-certificates-java (Debian)
Status: Unknown => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1739631
Title:
Fresh install with JDK 9 can't use the generated PKCS12
** Bug watch added: Debian Bug tracker #898678
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898678
** Also affects: ca-certificates-java (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898678
Importance: Unknown
Status: Unknown
--
You received this bug
This bug was fixed in the package ca-certificates-java - 20180413ubuntu1
---
ca-certificates-java (20180413ubuntu1) cosmic; urgency=medium
* Merge from debian unstable. Remaining changes: (LP: #1769013,
LP: #1739631)
+ debian/control: Bump javahelper build dependency.
+
See https://bugs.launchpad.net/ubuntu/+source/ca-certificates-
java/+bug/1769013 for merge of ca-certificates-java 20180413
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1739631
Title:
Fresh
Another workaround, used pyjks to generate a minimal JKS file with an empty
password,
and relying on the certificate file compatibility mode:
echo "storepass=''" >> /etc/default/cacerts
echo -e
This issue has been resolved upstream in 20180413
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894979
Can we please see it here sometime soon?
** Bug watch added: Debian Bug tracker #894979
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894979
--
You received this bug notification
I am seeing this with a 18.04 nightly; this is pretty much a showstopper
for any one developing with Maven.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1739631
Title:
Fresh install with JDK 9
To comment #5: If what you describe is true, then that is a different
bug, somehow. The default cacerts file should be in pkcs12 format, which
can't be used by java for some reason. The JKS keystore file can be
read, regardless of the keystore type setting in the security file.
However, I am
I have noticed a similar issue with openjdk-9 on Ubuntu 18.04 alpha and
getting errors in java applications with exception message:
java.lang.RuntimeException: Unexpected error:
java.security.InvalidAlgorithmParameterException: the trustAnchors
parameter must be non-empty
This is due to the
While it may be so that OpenJDK ships with empty certificates file, this
is not sufficient to explain the issue, or consistent with the bug
report I made. Quoting from the original bug report: "I discovered that
the JDK's lib/security/cacerts is a symlink to
/etc/ssl/certs/java/cacerts, which is
The OpenJDK was shipped with an empty cacerts file, which was fixed with
version 9.0.4 (See:
https://bugs.java.com/view_bug.do?bug_id=JDK-8189131)
Workaround:
Extract the 'cacerts' file from the latest OpenJDK and copy it into
/etc/ssl/certs/java
--
You received this bug notification because
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: ca-certificates-java (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
24 matches
Mail list logo
