cacerts support

Thomas Fitzsimmons fitzsim at
Thu May 29 12:42:36 PDT 2008


I deleted patches/icedtea-certbundle.patch.  There were problems with the 
approach of reading system-installed certs directly, the main one being that 
some apps explicitly require the existence of a valid cacerts file.  See for 

In Fedora we've created a new noarch package to host certificates, called 

It runs keytool to generate /etc/pki/java/cacerts from Mozilla's certificates. 
The OpenJDK package depends on ca-certificates and symlinks 
/usr/lib/jvm/java-1.6.0-openjdk- to 

Other distributions may need to follow suit.


More information about the distro-pkg-dev mailing list