corretto/corretto-8-docker

update-ca-trust doesn't update cacerts

ngander-amfam opened this issue · 1 comments

On Amazon Linux 2, jre/lib/security/cacerts is a symlink to /etc/pki/java/cacerts. This enables update-ca-trust to update the Java runtime's trust store. However, this image does not do this, so updating the system trust stores via update-ca-trust does not update the Java trust store.

My current workaround is to copy /etc/pki/ca-trust/extracted/java/cacerts over the JVM's cacerts file after running update-ca-trust.

@ngander-amfam Thanks for pointing this out. This happens because we install our own RPM instead of the one that comes with AL2, which behaves as you describe. We'll take a closer look and see what action is appropriate.
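Added example, not part of the issue thread or the Corretto image: a shell check that reports whether a JVM's cacerts is linked to the system-managed store, is an identical copy, or has drifted, plus a helper that replaces it with a symlink as the issue describes for Amazon Linux 2. The function names `truststore_state` and `relink_truststore` are hypothetical, and the paths are passed as arguments rather than assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the image.

# Classify how a JVM trust store relates to the system-managed one.
# Prints: linked | in-sync-copy | stale-copy | missing
truststore_state() {
    jvm_store=$1   # e.g. "$JAVA_HOME/jre/lib/security/cacerts"
    sys_store=$2   # e.g. /etc/pki/ca-trust/extracted/java/cacerts
    if [ ! -e "$jvm_store" ] || [ ! -e "$sys_store" ]; then
        echo missing; return 2
    fi
    # -ef is true when both paths resolve to the same file (symlink or hard link).
    if [ "$jvm_store" -ef "$sys_store" ]; then
        echo linked; return 0
    fi
    # Separate files: update-ca-trust will not reach the JVM copy.
    if cmp -s "$jvm_store" "$sys_store"; then
        echo in-sync-copy; return 0
    fi
    echo stale-copy; return 1
}

# Replace the JVM store with a symlink to the system store.
# Pass sys_store as an absolute path so the link resolves from any directory.
relink_truststore() {
    jvm_store=$1
    sys_store=$2
    [ -e "$sys_store" ] || return 2
    # Keep the vendor-shipped file for rollback before linking.
    if [ -e "$jvm_store" ] && [ ! -L "$jvm_store" ]; then
        mv "$jvm_store" "$jvm_store.orig"
    fi
    ln -sfn "$sys_store" "$jvm_store"
}

# Optional CLI use: script.sh <jvm cacerts> <system cacerts>
if [ "$#" -eq 2 ]; then
    truststore_state "$1" "$2"
fi
```

An `in-sync-copy` result means the copy workaround was applied but will go stale on the next update-ca-trust run; only `linked` stays current without a further step.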