-
Notifications
You must be signed in to change notification settings - Fork 221
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
default root ca certificates in Corretto keystore compared with Oracle's #59
Comments
@vijayyadav06 We distribute the same cacerts that you get in Amazon Linux, which is an Amazon-managed list of certs. The list of certs provided by Oracle is managed internally by them as part of their distribution. There will be some overlap but we can't guarantee what that overlap will be. We recommend checking for each one that you know you'll need using keytool. |
Wished at least Amazon root certificate was included :( |
Heads up that if you're migrating from OpenJDK, it seems to symlink to the system truststore on CentOS 7 at least:
If you've added anything special to that truststore and use it under OpenJDK, you may have to re-symlink the Corretto CA Certs to your system keystore.
|
Thank you for pointing this out! I believe that Corretto should behave just like OpenJDK and use the system trust store so I just requested that: #171 |
Hi,
As we are looking into migrating to Corretto, we wanted to compare the root certs in corretto vs oracle's jdk8 (1.8.0_202) with a goal to figure out the impact on our web facing applications (and better estimation for migration effort).
So the Oracle jdk8 had 96 entries and Corretto has 155 in their keystore. Wondering if all the root certs of Oracle jdk are included in Corretto?
more detail -
/Library/Java/JavaVirtualMachines/amazon-corretto-8.jdk/Contents/Home/jre/lib/security
=> keytool -list -keystore cacerts
Enter keystore password:
Your keystore contains 155 entries
vs
/Library/Java/JavaVirtualMachines/jdk1.8.0_202.jdk/Contents/Home/jre/lib/security
=> keytool -list -keystore cacerts
Enter keystore password:
Your keystore contains 96 entries
The text was updated successfully, but these errors were encountered: