How to update the 'cacerts' for jvm to use?


My Beagleboard-xm is running angstrom.

When running a java jar file that uses sun’s open source “mail.jar”, I get the following error: java.lang.RuntimeException: Unexpected error: the trustAnchors parameter must be non-empty
… Of course, the complete stack trace is much longer but I feel the general error is understandable from the above.

When I looked at:
I saw that my cacerts file is only 32 bytes (probably means it is empty).

I tried copying ‘cacerts’ from my PC running ubuntu but then got an error that said something with “time stamp” issues.

“keytool” program is not present in my angstrom dist.

Is the missing certificates the problem?
If so, what can be done to properly install/configure the necessary certificates?


Well, it seems nobody had any idea how to answer (or didn’t want to), so here is the answer:
“keytool” program does exist in the open jdk package, it’s just not in the pass.

Using openssl I was able to get the key for what I needed - in my case gmail cert:
openssl s_client -connect

The output included the needed key.

I then copied all the lines between (and including) the lines “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----” into a file called “gmail.cert”.

I verified that the key was OK by typing:
openssl x509 -in gmail.cert -text

Last and final call was (notice the folder):
root@beagleboard:/usr/lib/jvm/java-6-openjdk/bin# ./keytool -import -alias -keystore /usr/lib/jvm/java-6-openjdk/jre/lib/security/cacerts -file /media/sda1/gmail.cert

where “/media/sda1/” was the location of the certificate.

By doing this - I was finally able to use my program and send mail…


בתאריך יום שלישי, 9 באוקטובר 2012 23:48:45 UTC+2, מאת Gilad: