Java 8 to Java 11 Upgrade
Hi
we are planning to upgrade the Groundplex nodes from Java 8 to Java 11 as per the below instructions given on portal (applicable to our system)
Stop the existing JCC node by running the fo...
Forum Discussion
How about an easy process for getting the certs out of the existing Java8 cacerts truststore and into the new Java11 one? Or can we just copy the cacerts file itself?
Copying the trust store file directly is possible but it is not recommended, the newer JRE installation will have updated CA trust entries which would get overwritten if the file is directly copied. To copy a custom trust entry, it can be exported and then imported. To get the alias names in existing trust store, do
$OLD_JRE/bin/keytool -list -keystore $OLD_JRE/lib/security/cacerts -storepass changeit -v | grep ^Alias | grep -v "\[jdk\]"
The CA trust entries have aliases like “digicerttrustedrootg4 [jdk]”, excluding jdk should list only the custom trust entry aliases.
To export a specific certificate named MYALIAS, do
$OLD_JRE/bin/keytool -keystore $OLD_JRE/lib/security/cacerts -storepass changeit -export -file MYALIAS.cert -alias MYALIAS
To import MYALIAS.cert into new trust store, do
$NEW_JRE/bin/keytool -keystore $NEW_JRE/lib/security/cacerts -storepass changeit -import -file MYALIAS.cert -alias MYALIAS
Taking a backup of the cacerts file before the import would be good.
