While it may be so that OpenJDK ships with empty certificates file, this is not sufficient to explain the issue, or consistent with the bug report I made. Quoting from the original bug report: "I discovered that the JDK's lib/security/cacerts is a symlink to /etc/ssl/certs/java/cacerts, which is provided by ca-certificates-java package".
This symlink exists, and it is the one used by JDK. The issue was that JDK9 is unable to read the contents of PKCS12-formatted keystore file, but is able to read its old JKS keystore file. In both cases, the files do contain certificates. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1739631 Title: Fresh install with JDK 9 can't use the generated PKCS12 cacerts keystore file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1739631/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs