{"id":21888608,"url":"https://github.com/swisscom/update-java-ca-certificates","last_synced_at":"2025-04-15T10:19:36.064Z","repository":{"id":64297973,"uuid":"445199531","full_name":"swisscom/update-java-ca-certificates","owner":"swisscom","description":"Small utility to convert the system trust store to a system Java KeyStore","archived":false,"fork":false,"pushed_at":"2023-04-07T11:47:36.000Z","size":254,"stargazers_count":17,"open_issues_count":1,"forks_count":5,"subscribers_count":14,"default_branch":"master","last_synced_at":"2025-04-15T10:19:13.195Z","etag":null,"topics":["ca-certificates","java","jks","linux","trust-store"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/swisscom.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-01-06T14:32:06.000Z","updated_at":"2024-12-12T23:07:00.000Z","dependencies_parsed_at":"2024-06-20T13:05:06.553Z","dependency_job_id":"2cef0261-7f63-4c5c-a8b6-b5c13613af67","html_url":"https://github.com/swisscom/update-java-ca-certificates","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swisscom%2Fupdate-java-ca-certificates","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swisscom%2Fupdate-java-ca-certificates/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swisscom%2Fupdate-java-ca-certificates/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swisscom%2Fupdate-java-ca-certificates/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/swisscom","download_url":"https://codeload.github.com/swisscom/update-java-ca-certificates/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249048747,"owners_count":21204306,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ca-certificates","java","jks","linux","trust-store"],"created_at":"2024-11-28T11:16:07.990Z","updated_at":"2025-04-15T10:19:36.041Z","avatar_url":"https://github.com/swisscom.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# update-java-ca-certificates\n\nThis small utility takes care of creating a system-wide trust store\nstarting from your Linux CA trust store.\n\nThis command is supposed to be run after running \n[`update-ca-certificates (8)`](https://manpages.ubuntu.com/manpages/jammy/man8/update-ca-certificates.8.html),\nso that the Java Keystore is in sync with the system trust store.  \n  \nThe issue that this tool is trying to solve is already solved by Arch Linux's \n[update-ca-trust (8)](https://man.archlinux.org/man/update-ca-trust.8). Sadly not all the Linux distributions\nhave solved the issue (yet), thus this is a tool to help standardize the mess that's currently out there in terms\nof path standardization and ca-certificates location.\n\n## Usage\n\n```\nUsage: update-java-ca-certificates [--debug] [--force] [--certificate-bundle CERTIFICATE-BUNDLE] [--password PASSWORD] FILE\n\nPositional arguments:\n  FILE\n\nOptions:\n  --debug, -D\n  --force, -f\n  --certificate-bundle CERTIFICATE-BUNDLE, -c CERTIFICATE-BUNDLE [default: /etc/ssl/certs/ca-certificates.crt]\n  --password PASSWORD, -p PASSWORD [default: changeit]\n  --help, -h             display this help and exit\n```\n\n### Example\n\n```\nupdate-java-ca-certificates -c /etc/ssl/certs/ca-certificates.crt /etc/ssl/java/cacerts\n```\n\n#### Result\n\n```\nkeytool -list -keystore /etc/ssl/java/cacerts -storepass changeit\n\nKeystore type: JKS\nKeystore provider: SUN\n\nYour keystore contains 137 entries\n\n02ed0eb28c14da45165c566791700d6451d7fb56f0b2ab1d3b8eb070e56edff5, 6 Jan 2022, trustedCertEntry, \nCertificate fingerprint (SHA-256): 02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5\n(...)\n```\n\n## Building\n\n### Requirements\n\n- Golang (1.19+)\n- Make\n\n### Steps\n\n```\nmake\n./bin/update-java-ca-certificates -h\n```\n\n## Paths\n\nThis tool assumes the directories are set up according to what\n[update-ca-trust (8)](https://man.archlinux.org/man/update-ca-trust.8) uses.\n\n### `/etc/ssl/certs`\n\nThis directory should contain individual CA certificates trusted for TLS authentication usage.\nThe format to be used is the `BEGIN CERTIFICATE` / `END CERTIFICATE` one.\n\nIf you are able to parse the certificate with:\n```\nopenssl x509 -in /etc/ssl/certs/your-certificate.pem  -noout -text\n```\n\nthen you're good.\n\n### `/etc/ssl/ca-certificates.crt`\n\nThis file contains a bundle that is updated by `update-ca-trust` / `update-ca-certificates`.\n\n### `/etc/ssl/java/cacerts`\n\nThis file contains the trust anchor for Java. Its format is the \n[Java Key Store (`JKS`)](https://docs.oracle.com/javase/7/docs/technotes/guides/security/crypto/CryptoSpec.html#KeyManagement).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswisscom%2Fupdate-java-ca-certificates","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fswisscom%2Fupdate-java-ca-certificates","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswisscom%2Fupdate-java-ca-certificates/lists"}