Another workaround, used pyjks to generate a minimal JKS file with an empty password, and relying on the certificate file compatibility mode:
echo "storepass=''" >> /etc/default/cacerts echo -e "\xfe\xed\xfe\xed\x00\x00\x00\x02\x00\x00\x00\x00\x57\xbe\xbc\x27\x62\xa2\x1d\x70\xff\xf2\x18\xdd\x59\x68\x01\x1f\xfe\x42\x3a\x69" > /etc/ssl/certs/java/cacerts /var/lib/dpkg/info/ca-certificates-java.postinst configure -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1739631 Title: Fresh install with JDK 9 can't use the generated PKCS12 cacerts keystore file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1739631/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs