Bug#611721: jxplorer: imposible to use SSL certificates
Witold Baryluk
Version: 3.2.1+dfsg-5
Severity: normal
I tried really hard, but have no idea how to
add /etc/ssl/certs directory as CApath.
I cannot even add single CA certificate.
I tried changing paths (default is /etc/ssl/certs/java/cacerts
which do not exists), files, keystore types. Nothing helps.
jxplorer asks me for some passphrases, or tells me that
there is no such file.
-- System Information:
Debian Release: 6.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages jxplorer depends on:
ii java-wrappers 0.1.16 wrappers for java executables
ii javahelp2 2.0.05.ds1-4 Java based help system
ii junit 3.8.2-4 Automated testing framework for Ja
ii sun-java6-jre 6.22-1 Sun Java(TM) Runtime Environment (
jxplorer recommends no packages.
jxplorer suggests no packages.
-- debconf-show failed
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Gabriele Giacone
> I tried really hard, but have no idea how to
> add /etc/ssl/certs directory as CApath.
> I cannot even add single CA certificate.
>
> I tried changing paths (default is /etc/ssl/certs/java/cacerts
> which do not exists), files, keystore types. Nothing helps.
> jxplorer asks me for some passphrases, or tells me that
> there is no such file.
As "Security menu - Advanced Keystore Options" says, default CA
keystore is /etc/ssl/certs/java/cacerts.
Please install "ca-certificates-java", which it's already installed if
you use "openjdk-6-jre" from main.
Then please read /usr/share/doc/jxplorer/NEWS.Debian.gz
Witold Baryluk
> On Tue, Feb 1, 2011 at 1:15 PM, Witold Baryluk <bar...@smp.if.uj.edu.pl> wrote:
> > I tried really hard, but have no idea how to
> > add /etc/ssl/certs directory as CApath.
> > I cannot even add single CA certificate.
> >
> > I tried changing paths (default is /etc/ssl/certs/java/cacerts
> > which do not exists), files, keystore types. Nothing helps.
> > jxplorer asks me for some passphrases, or tells me that
> > there is no such file.
>
> As "Security menu - Advanced Keystore Options" says, default CA
> keystore is /etc/ssl/certs/java/cacerts.
I have no idea why.
> Please install "ca-certificates-java", which it's already installed if
> you use "openjdk-6-jre" from main.
>
> Then please read /usr/share/doc/jxplorer/NEWS.Debian.gz
I installed ca-certificates-java, and it automagically create /etc/ssl/certs/java/cacerts,
and added my certificates from /etc/ssl/certs/ and other standard Debian locations
(/usr/local/share/ca-certificates/). It is really shame that Java cannot just directly use
/etc/ssl/certs files, and needed some converter :(
I assume it have something to do with portability of java.
How about adding Recomends: ca-certificates-java. I do not know why,
but i did have it installed on this box. (I check also on 3 other machine
where I have java and there was no ca-certificates-java, only ca-certificates).
Thanks, and sorry for not reading NEWS.Debian.gz.
As I say option in UI, i expected that standard PEM files would be supported.
And still think that they should, i wonder why they are not already
supported in java nativly. PEM (DER) is pretty standard format.
--
Witold Baryluk
JID: witold.baryluk // jabster.pl
Gabriele Giacone
> On 02-01 14:41, Gabriele Giacone wrote:
>> On Tue, Feb 1, 2011 at 1:15 PM, Witold Baryluk <bar...@smp.if.uj.edu.pl> wrote:
>> > I tried really hard, but have no idea how to
>> > add /etc/ssl/certs directory as CApath.
>> > I cannot even add single CA certificate.
>> >
>> > I tried changing paths (default is /etc/ssl/certs/java/cacerts
>> > which do not exists), files, keystore types. Nothing helps.
>> > jxplorer asks me for some passphrases, or tells me that
>> > there is no such file.
>>
>> As "Security menu - Advanced Keystore Options" says, default CA
>> keystore is /etc/ssl/certs/java/cacerts.
>
> I have no idea why.
I decided to set it so to follow debian way, with java CA certificates
in ca-certificates-java.
>> Please install "ca-certificates-java", which it's already installed if
>> you use "openjdk-6-jre" from main.
>>
>> Then please read /usr/share/doc/jxplorer/NEWS.Debian.gz
>
> I installed ca-certificates-java, and it automagically create /etc/ssl/certs/java/cacerts,
> and added my certificates from /etc/ssl/certs/ and other standard Debian locations
> (/usr/local/share/ca-certificates/). It is really shame that Java cannot just directly use
> /etc/ssl/certs files, and needed some converter :(
> I assume it have something to do with portability of java.
That's the way java handles certificates: java keystores.
> How about adding Recomends: ca-certificates-java. I do not know why,
> but i did have it installed on this box. (I check also on 3 other machine
> where I have java and there was no ca-certificates-java, only ca-certificates).
Probably all machines you mentioned have sun-java6-jre (non-free)
instead of openjdk6-jre (main). Just the latter depends on
ca-certificates-java.
I'll add it as Recommends as you suggest or I'll try to figure out if
it's better proposing it as sun-java6-jre dependency.
> Thanks, and sorry for not reading NEWS.Debian.gz.
No problem. Thanks for your bug.
Cheers,
Gabriele
> As I say option in UI, i expected that standard PEM files would be supported.
> And still think that they should, i wonder why they are not already
> supported in java nativly. PEM (DER) is pretty standard format.
--