pingidentity / ldapsdk

UnboundID LDAP SDK for Java

support jssecacerts in JVMDefaultTrustManager #124

Closed Enrice closed 2 years ago

Enrice commented 2 years ago

JVMDefaultTrustManager suggests that it supports the default behaviour, but it actually doesn't.

It is missing the case where you have a $JAVA_HOME/lib/security/jssecacerts, which acts as a drop-in replacement for $JAVA_HOME/lib/security/cacerts.

source: https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager

...but still present in Java 17 as well: https://docs.oracle.com/en/java/javase/17/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-32CF3420-56E8-4BC5-8D3B-1F6B4692A290
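Added example, not part of the issue thread or of the LDAP SDK's own code: a small Java program that resolves the JVM's effective trust store in the order the linked JSSE Reference Guide documents, then lists the trust anchors it contains. The class name `DefaultTrustStoreLocator` and the method `resolve` are hypothetical, and the special `NONE` value of `javax.net.ssl.trustStore` is not handled.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;

// Hypothetical helper class for illustration; not part of the LDAP SDK.
public final class DefaultTrustStoreLocator {

  /** Resolves the trust store file in the order the JSSE Reference Guide documents. */
  static Path resolve(String trustStoreProperty, Path javaHome) {
    // 1. An explicit javax.net.ssl.trustStore setting wins.
    if (trustStoreProperty != null && !trustStoreProperty.isEmpty()) {
      return Paths.get(trustStoreProperty);
    }
    Path securityDir = javaHome.resolve("lib").resolve("security");
    // 2. jssecacerts, when present, is used instead of cacerts (the two are not merged).
    Path jssecacerts = securityDir.resolve("jssecacerts");
    if (Files.isRegularFile(jssecacerts)) {
      return jssecacerts;
    }
    // 3. Otherwise fall back to the bundled cacerts file.
    return securityDir.resolve("cacerts");
  }

  public static void main(String[] args) throws Exception {
    // java.home is the running JVM's own directory (the jre/ subdirectory on a Java 8 JDK).
    Path store = resolve(System.getProperty("javax.net.ssl.trustStore"),
        Paths.get(System.getProperty("java.home")));
    System.out.println("Effective trust store: " + store);

    String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
    String pw = System.getProperty("javax.net.ssl.trustStorePassword");
    KeyStore ks = KeyStore.getInstance(type);
    try (InputStream in = Files.newInputStream(store)) {
      // A null password skips the integrity check; JKS files still expose their certificates.
      ks.load(in, pw == null ? null : pw.toCharArray());
    }
    for (String alias : Collections.list(ks.aliases())) {
      if (ks.isCertificateEntry(alias)) {
        System.out.println("  trusted: " + alias);
      }
    }
  }
}
```

Running it on a host shows whether a `jssecacerts` file is silently overriding the bundled `cacerts`, which is worth checking when an application trusts more or fewer CAs than expected.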

dirmgr commented 2 years ago

Thank you for pointing this out. I've just committed a change to make the LDAP SDK correctly look for the jssecacerts file. It should be available in the next release, which will likely be within the next week or two.

Sorry for taking a few days to get to this.