
App accessing cacerts without password or type specified until recently

EddieTurbo Member Posts: 1 Green Ribbon


We inherited a Java Application running on RHEL in AWS late last year. It was provisioned every day, across multiple environments, by an automated build. The application uses its own instance of Java and that hasn't changed. However, it was configured to look out at the system trustStore (/etc/pki/java/cacerts).

All worked fine until 22nd of April (last week) when the application was no longer able to negotiate an SSL Handshake with a downstream server after the nightly build. We have verified the downstream server and nothing changed there.

On closer inspection, though, it just got really weird. We discovered that the trustStorePassword and trustStoreType parameters were never included as JVM arguments:

  • trustStore = /etc/pki/java/cacerts - included as a JVM argument
  • trustStorePassword = ******** - never included
  • trustStoreType = JKS - never included

So my question is, how could the application ever retrieve the signer certs from the store without all 3 arguments being provided?
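The following is an added example, not part of the original post: a small Java probe that opens a trust store the way the question describes, with only the path supplied. It assumes the JSSE fallbacks of `KeyStore.getDefaultType()` for a missing `javax.net.ssl.trustStoreType` and a null password for a missing `javax.net.ssl.trustStorePassword`; the class name `TrustStoreProbe` is hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical helper class, added for illustration only.
public class TrustStoreProbe {
    public static void main(String[] args) throws Exception {
        // Read the same system properties JSSE reads; the path default is the one from the post.
        Path path = Paths.get(System.getProperty("javax.net.ssl.trustStore", "/etc/pki/java/cacerts"));
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        String pw = System.getProperty("javax.net.ssl.trustStorePassword", "");
        char[] password = pw.isEmpty() ? null : pw.toCharArray();

        System.out.println("store=" + path + " type=" + type
                + " password=" + (password == null ? "none" : "supplied"));

        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(path)) {
            // With a null password a JKS store still loads: the password only drives the
            // integrity check over the file, and certificate entries are not encrypted.
            ks.load(in, password);
        }

        int trusted = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) {
                continue; // skip private-key entries, which a trust store should not hold
            }
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                System.out.printf("%s | %s | expires %s%n", alias,
                        x509.getSubjectX500Principal().getName(), x509.getNotAfter());
            }
            trusted++;
        }
        System.out.println(trusted + " trusted certificate entries");
        if (password == null) {
            // Nothing verified the file's integrity, so its contents are only as
            // trustworthy as the filesystem permissions protecting it.
            System.out.println("integrity check skipped: review ownership and mode of " + path);
        }
    }
}
```

Running it under the application's own Java instance with the same `-D` arguments lists the signer certificates that JVM actually sees in the store.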


