https://github.com/timja/openjdk-intermediate-ca-reproducer
https://github.com/timja/openjdk-intermediate-ca-reproducer
Last synced: 11 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/timja/openjdk-intermediate-ca-reproducer
- Owner: timja
- Created: 2025-01-03T15:19:28.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-02-21T09:29:17.000Z (over 1 year ago)
- Last Synced: 2025-06-08T05:09:30.986Z (about 1 year ago)
- Language: Shell
- Size: 5.86 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Reproduce Java Chain issue
Requirements:
* On a Mac
* Docker
* Docker compose
* OpenSSL
## Create certificates
```shell
./bin/setup.sh
docker compose up
```
## Configure certificate trust
Install the root and intermediate certs to your Keychain.
Your user keychain is fine (login).
If you double click the cert it may try use your system one which is ok but may not work if you don't have admin access.
Instead you can just drag and drop the certificates into the keychain.
Double click the root in the keychain and expand the trust section and set to "Always Trust".
Then open the URL in your browser and validate its trusted: https://localhost:8443
You should see a page with "Hello, World!".
## Run with Java
```shell
java Main.java https://localhost:8443 KeychainStore
```
### Expected with Java 23
```text
Exception in thread "main" java.lang.RuntimeException: Test failed:
at Main.main(Main.java:36)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
```
### Expected with https://github.com/openjdk/jdk/pull/22911
Command:
```shell
/Users/timja/projects/jdk/build/macosx-aarch64-server-release/jdk/bin/java Main.java https://localhost:8443 KeychainStore
```
Output:
```
timja-intermediate
timja-root
size:
Success
```