I don't think I've been much help. > Hi, > > Am Freitag, den 22.04.2011, 21:19 +0900 schrieb Joel Rees: >> You say options, does that mean you did or did not find the browser >> certificate store dialog? > > I did find it, but the trusted certificate was not in the list. I think > it is being added at another place. But I was unable to locate it. > >> > Therefore I think that the certificate is marked trusted by OpenJDK. >> > But I'm unable to find the default keystore. >> >> Have you tried installing the openJDK Policy Tool (GUI) and/or >> Monitoring and Management Console (JConsole)? > > Yes, but it did not help me to find the certificate store location.
That's awkward. >> > It should be possible to add and remove trusted certificates with the >> > keytool command, but I have to specify the keystore. >> > >> > Any idea where OpenJDK might have it's default keystore? >> > Or am I looking the wrong way at that problem? >> >> I think the policy tool can tell you what it's using. Then again, I >> thnk the command line policy tool should use the default if it's going >> to use the default. > > I also thought so, but it requires you to specify a key store location. > This differs to what I found in the documentation of the oracle keytool. hmmm > | Keystore Location > | > | Each keytool command has a -keystore option for specifying the name > | and location of the persistent keystore file for the keystore managed > | by keytool. The keystore is by default stored in a file > | named .keystore in the user's home directory, as determined by the > | "user.home" system property. Given user name uName, the "user.home" > | property value defaults to > | > | C:\Winnt\Profiles\uName on multi-user Windows NT systems > | C:\Windows\Profiles\uName on multi-user Windows 95 systems > | C:\Windows on single-user Windows 95 systems > | > | Thus, if the user name is "cathy", "user.home" defaults to > | > | C:\Winnt\Profiles\cathy on multi-user Windows NT systems > | C:\Windows\Profiles\cathy on multi-user Windows 95 systems Well, that's a nice MSWindows-specific bit of help. :-( > Source: > http://download.oracle.com/javase/1.4.2/docs/tooldocs/windows/keytool.html Yeah, MSWindows-specific. I wonder if there is a similar page for Linux. (Oracle isn't very helpful for free.) > I do not have a .keystore file though. Using `find . -name *keystore*` > will only give me gnome keyring's keystore, which does not hold the > certificate either. I'm thinking they've hidden all that stuff in a database sort of file. In the .mozilla directory. Except that would be what the browser shows you when you check the browser's certificate list. > Just gave it a try and switched to oracles JRE. That one asked me again > if I want to trust the certificate. Seems that OpenJDK and SUN/Oracle > JRE do not share the same keystore. Unless it got purged during the > uninstall. Gone with the purge is a possibility. > But still I'm not sure how to undo an "Always Trust" option with oracles > JRE or OpenJDK. Probably these options are not meant to be undone :-) Well, yeah, TBH, the general appoach is to revoke the certificate, rather than remove it. That puts an entry in the revocation list and prevents a bad certificate from being accepted blindly again. Again, sorry I'm not much help. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/banlktin8m2gpj3qt0hdxhn6t-wuzcbg...@mail.gmail.com