← Back to team overview

openjdk team mailing list archive

  1. openjdk team
  2. Mailing list archive
  3. Message #00404

Bug#489749: Errors removing CAs that don’t exist, or adding ones that do

  Thread PreviousDate PreviousThread Next 
Package: ca-certificates-java
Version: 20080514
Severity: grave

[Found in intrepid’s package, which is identical, and reported here:
<https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/244412>]
Running ‘sudo dpkg-reconfigure ca-certificates’ and deleting a certificate gives me this error:
Running hooks in /etc/ca-certificates/update.d....keytool error: java.lang.Exception: Alias <brasil_gov_br_pem> does not exist 

Adding it back gives me this error:
Running hooks in /etc/ca-certificates/update.d....Certificate already exists in keystore under alias <brasil_gov_br> Do you still want to add it? [no]: keytool error: java.lang.IllegalArgumentException
Furthermore, because the jks-keystore hook begins with ‘set -e’, if there is an error on the first certificate, all the later changes in the same run are ignored.
Actually, I also get an error adding any certificate, even if it doesn’t already exist.
Running hooks in /etc/ca-certificates/update.d....Owner: OU=MIT Certification Authority, O=Massachusetts Institute of Technology, ST=Massachusetts, C=US Issuer: OU=MIT Certification Authority, O=Massachusetts Institute of Technology, ST=Massachusetts, C=US 
…blah blah blah…
Trust this certificate? [no]: keytool error: java.lang.IllegalArgumentException
I think the -trustcacerts and/or -noprompt options need to be passed to keytool to fix this.
  Thread PreviousDate PreviousThread Next