Fri Nov 20 13:56:10 ICT 2015

After upgrading OpenJDK or Apache-tomcat


Any update of OpenJDK overwrites the file containing the CACERTs accepted by Java (the keystore in Java lingo).

To have Java continue connecting to AIT services with the Insitute self-signed certificates, you must upgrade /usr/local/openjdk7/jre/lib/security/cacerts:

keytool -keystore /usr/local/openjdk7/jre/lib/security/cacerts -importcert \
  -trustcacerts -file ~on/SSL/ca/ait-new.crt -alias "ait new bundle (RSA)" \
  -storepass changeit
keytool -keystore /usr/local/openjdk7/jre/lib/security/cacerts -importcert \
  -trustcacerts -file ~on/SSL/ca/ait-itserv.crt -alias "ait old bundle (IDE)" \
  -storepass changeit

An upgrade of Apache-tomcat will reset the ownership of many directories in Apache-tomcat installation to www.

To keep Apache-tomcat running with the user tomcat you must change the wonership back:

sudo chown -R tomcat:tomcat /usr/local/apache=-tomcat-8.0

Posted by Olivier | Permanent link | File under: administration, freebsd