Thread: Java upgrade removes CA cert for LDAP connection

  1. #1

    Java upgrade removes CA cert for LDAP connection

    We load our institutional CA into the Java keystore for LDAP connections. After a recent Java upgrade, that CA was not loaded automatically and it looks like the keystore that we had loaded it into was replaced.

    Is there some blessed way to load CA certs into the keystore so that they are kept around even on upgrades?

    Running SLES 12 at the moment. Thanks!

  2. #2

    Re: Java upgrade removes CA cert for LDAP connection

    Most of the time it is the best practice to have the code running within
    Java use a truststore outside of the JRE but specific to the application
    for this exact reason. It's Sun/Oracle's job to keep us safe by replacing
    that file with new trusted CAs, removing old untrusted CAs, and that
    cannot happen in the situation as developed. On the other hand, there are
    articles aplenty on how to code an application to use a truststore loaded
    at runtime, and many applications have this option present by default.

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...

  3. #3

    Re: Java upgrade removes CA cert for LDAP connection

    Could you point me at one? I'm super lazy. :-)

    Originally posted by ab:
    Most of the time it is the best practice to have the code running within
    Java use a truststore outside of the JRE but specific to the application
    for this exact reason. It's Sun/Oracle's job to keep us safe by replacing
    that file with new trusted CAs, removing old untrusted CAs, and that
    cannot happen in the situation as developed. On the other hand, there are
    articles aplenty on how to code an application to use a truststore loaded
    at runtime, and many applications have this option present by default.

    --
    Good luck.

  4. #4

    Re: Java upgrade removes CA cert for LDAP connection

    First hit from Google querying for java use custom truststore:

    http://stackoverflow.com/questions/2...he-default-one


    --
    Good luck.

