update-ca-trust doesn't update cacerts
ngander-amfam opened this issue · 1 comments
ngander-amfam commented
On Amazon Linux 2, jre/lib/security/cacerts is a symlink to /etc/pki/java/cacerts. This enables update-ca-trust to update the java runtime's trust store. However, this image does not do this so updating the system trust stores via update-ca-trust does not update the java trust store.
My current workaround is to copy /etc/pki/ca-trust/extracted/java/cacerts over the JVM's cacerts file after running update-ca-trust.
davecurrie commented
@ngander-amfam Thanks for pointing this out. This happens because we install our own RPM instead of the one that comes with AL2, which behaves as you describe. We'll take a closer look and see what action is appropriate.