ca-certificates-java needs to be backported to stretch as well. On Fri, Nov 23, 2018 at 7:33 AM Robert Lemmen <rober...@semistable.com> wrote: > > Source: openjdk-11 > Severity: normal > > hi folks, > > I was using the brand new openjdk-11 packages in stretch-backports. > thanks for providing these! they generally seem to work for me, but I > found that I cannot make TS connections. some googling revealed that the > default format for the cacert files jdk reads changed from jks to pkcs12 > or so. there seem to be plenty of reports aboutthis problem e.g. [0]. > > I managed to work around it by doing this: > > + echo "javax.net.ssl.trustStorePassword=changeit" \ > + >> /etc/java-11-openjdk/management/management.properties && \ > + /usr/bin/printf > '\xfe\xed\xfe\xed\x00\x00\x00\x02\x00\x00\x00\x00\xe2\x68\x6e\x45\xfb\x43\xdf\xa4\xd9\x92\xdd\x41\xce\xb6\xb2\x1c\x63\x30\xd7\x92' > > /etc/ssl/certs/java/cacerts && \ > + /var/lib/dpkg/info/ca-certificates-java.postinst configure > > but I guess a better solution is needed > > regards robert > > > -- System Information: > Debian Release: buster/sid > APT prefers testing > APT policy: (500, 'testing') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores) > Locale: LANG=en_GB.UTF-8, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15), > LANGUAGE=en_GB:en (charmap=ISO-8859-15) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > LSM: AppArmor: enabled >
-- Tiago Stürmer Daitx Software Engineer tiago.da...@canonical.com PGP Key: 4096R/F5B213BE (hkp://keyserver.ubuntu.com) Fingerprint = 45D0 FE5A 8109 1E91 866E 8CA4 1931 8D5E F5B2 13BE