If Java update is planned, reloading the LDAP/ Java Certificate may be necessary.
To check
The Java trust store may be loaded with several root certificates (ldap, root windows domain, third party e.g. Fedex, etc).
If .cer or .crt file(s) exist then certificate(s) will need to be reloaded after java is updated.
ls -l /SCC/TPC/JavaTrust
Example - SLHS
bbdbinprd03:/> ls -l /SCC/TPC/JavaTrust
-rw-r-----. 1 sccadm sccadm 2796 Nov 14 2022 ldaps.slhs.org.cer
-rw-r-----. 1 sccadm sccadm 2788 Mar 25 2020 stlukesent2ca-Intermediate.cer
-rw-r-----. 1 sccadm sccadm 2028 Mar 25 2020 stlukesrootca-Root.cer
Example - TMHS:
hhvlisappp03:/> ls -l /SCC/TPC/JavaTrust
-rw-r--r-- 1 sccadm sccadm 1273 Feb 4 2022 ldaps.crt
Java Certificate Reload:
If /SCC/TPC/JavaTrust directory contains certificates add all of them to java trust store.
As root:
cd /SCC/TPC/JavaTrust
ls
If Java update is planned, reloading the LDAP/ Java Certificate may be necessary.
To check The Java trust store may be loaded with several root certificates (ldap, root windows domain, third party e.g. Fedex, etc). If .cer or .crt file(s) exist then certificate(s) will need to be reloaded after java is updated.
ls -l /SCC/TPC/JavaTrust
Example - SLHS bbdbinprd03:/> ls -l /SCC/TPC/JavaTrust -rw-r-----. 1 sccadm sccadm 2796 Nov 14 2022 ldaps.slhs.org.cer -rw-r-----. 1 sccadm sccadm 2788 Mar 25 2020 stlukesent2ca-Intermediate.cer -rw-r-----. 1 sccadm sccadm 2028 Mar 25 2020 stlukesrootca-Root.cer
Example - TMHS: hhvlisappp03:/> ls -l /SCC/TPC/JavaTrust -rw-r--r-- 1 sccadm sccadm 1273 Feb 4 2022 ldaps.crt
Java Certificate Reload: If /SCC/TPC/JavaTrust directory contains certificates add all of them to java trust store. As root: cd /SCC/TPC/JavaTrust ls
set correct java version e.g.:
export JAVA_HOME=/usr/java/latest # For Linux
load certificates into java trust store:
export PATH=$JAVA_HOME/jre/bin:$JAVA_HOME/bin:$PATH
for i in .cer crt do
echo yes | keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -file $i -alias $i done
Confirm: If no errors during the reload, then it works. If it errors out then it does not work.