To get java apps connecting to another servers, I believe that ssl cert of the remote server has to be imported into a Java keystore.
The issue I'm having is trying to decide which keystore to import it into?
Here are just of few of the many keystore locations:
Code:
etc/pki/ca-trust/extracted/java/BAK.cacerts
/etc/pki/ca-trust/extracted/java/cacerts
/etc/pki/java/cacerts
/opt/atlassian/jira/jre/lib/security/cacerts
/opt/netpoint/webgate/access/_jvmWebGate/lib/security/cacerts
/usr/java/jdk1.8.0_121/jre/lib/security/cacerts
/usr/java/jdk1.8.0_121.org/jre/lib/security/cacerts
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.41.x86_64/jre/lib/security/cacerts
/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.261-2.6.22.2.el7_8.x86_64/jre/lib/security/cacerts
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.x86_64/jre/lib/security/cacerts
/var/McAfee/agent/ml_cacerts.cer
/var/McAfee/agent/certstore/ml_cacerts.cer
Initially I imported the cert into
Code:
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.41.x86_64/jre/lib/security/cacerts
and java connected fine. However, after running the command update-ca-trust, for some reason it removed the cert and broke the java.
Where is the proper keystore location to import all certs for JKS and so that when java is upgraded it doesn't have to be re-imported?