[macOS Mojave] ERROR: failed to execute "keytool -list" on "mkcert -install"

[Zorgatone]

On macOS Mojave 10.14 (18A391) using iTerm2 Build 3.2.5 and zsh 5.6.2 (x86_64-apple-darwin18.0.0) and Homebrew 1.8.1 Homebrew/homebrew-core (git revision d338a; last commit 2018-11-01)

Installed mkcert with:

# brew install mkcert
# brew install nss

Then running command mkcert -install fails with:

Created a new local CA at "/Users/tommasoricci/Library/Application Support/mkcert" 💥
The local CA is now installed in the system trust store! ⚡️
The local CA is now installed in the Firefox trust store (requires browser restart)! 🦊
ERROR: failed to execute "keytool -list": fork/exec bin/keytool: no such file or directory

[adamdecaf]

FYI: I'm upgrading macOS and will look at this soon.

[adamdecaf]

Is your JAVA_HOME set? I had to set that (after brew cask install java):

JAVA_HOME=/Library/Java/JavaVirtualMachines/openjdk-11.0.1.jdk/Contents/Home/

[adamdecaf]

https://github.com/FiloSottile/mkcert/pull/90 shows a better error message in this case

[Zorgatone]

@adamdecaf it's set in .zshrc but not in .bashrc|.bash-profile|.profile

export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.8.0_152.jdk/Contents/Home

Might this be the issue? I launched mkcert from zsh shell though, does it matter?

[adamdecaf]

It could be. You could always check the current value with $ echo $JAVA_HOME in your shell.

Can you try running mkcert with JAVA_HOME set explicitly?

$ JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.8.0_152.jdk/Contents/Home mkcert -install

[Zorgatone]

It could be. You could always check the current value with $ echo $JAVA_HOME in your shell.

Can you try running mkcert with JAVA_HOME set explicitly?

$ JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.8.0_152.jdk/Contents/Home mkcert -install

Nope, didn't work either (with zsh) I also tried setting JAVA_HOME in .profile (bash)

Then I also tried to run with bash (also with explicit JAVA_HOME set)

 ~  bash                                                                                                                                                              1 ↵  10013  20:47:56
bash-3.2$ JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.8.0_152.jdk/Contents/Home mkcert -install
Using the local CA at "/Users/tommasoricci/Library/Application Support/mkcert" ✨
ERROR: failed to execute "keytool -list": fork/exec bin/keytool: no such file or directory

bash-3.2$

[adamdecaf]

Did you make sure $JAVA_HOME/bin/keytool exists and is marked as executable?

[Zorgatone]

ls: /Library/Java/JavaVirtualMachines/jdk1.8.0_152.jdk/Contents/Home/bin/keytool: No such file or directory

Should keytool be installed automatically along with jre/jdk or does it need an additional step to manually install it?

[Zorgatone]

Won't it default to macOS system store if java keytool isn't found?

[adamdecaf]

I thought the JRE installs keytool, but I might be wrong for Java 8.

Won't it default to macOS system store if java keytool isn't found?

What "it" are you referring to?

[Zorgatone]

I thought the JRE installs keytool, but I might be wrong for Java 8.

Won't it default to macOS system store if java keytool isn't found?

What "it" are you referring to?

I'm referring to the mkcert application, if it checks wheter keytool is in the java path, and if it would fallback to the macOs system store in case it's unavailable

[adamdecaf]

mkcert installs into the system store regardless if keytool is found or not.

[FernandoBasso]

Leaving my two cents here as it might help others and my future self.

Previous comment says:

I'm referring to the mkcert application, if it checks whether keytool is in the java path, and if it would fallback to the macOs system store in case it's unavailable.

In my case, I had openjdk@11 installed on macOS and JAVA_HOME was set. What I did was simply to unset JAVA_HOME (in the hopes that it would use whatever was available in macOS and not depend on Java stuff) for that shell session:

$ unset JAVA_HOME

mkcert -install worked after that.