ca-certificates in JVM keystore #190
michael-barker
started this conversation in
Java Team
Replies: 1 comment
-
Yes, I would expect it to have those certificates unless you're running Java 18 or higher. They changed the keystore format in Java 18 and there are some issues with the Go libraries we use making everything work with those versions. See paketo-buildpacks/libjvm#158 For now, it just skips loading certs so that could cause issues. You could work around this by using Java 17 or by including your own truststore and telling the driver to use that when verifying the certificates. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I have a JVM application that's connecting to Elasticache with in transit encryption but the connection fails because it fails to verify the certificate. I can see that the Amazon root CAs exist in the image but they don't appear to be in the JVM keystore. This is a Spring Boot application with
spring.redis.ssl: true
.Should these be added automatically? This comment from an issue on the ca-certificate buildpack led me to believe this should work but maybe these CAs need to be added explicitly?
paketo-buildpacks/ca-certificates#145 (comment)
Beta Was this translation helpful? Give feedback.
All reactions