SUN Java Development Kit 6 Installation on Debian Lenny

First, install the 'JDK6' package from the Lenny distribution.

apt-get install sun-java6-jdk

While installing, you will be requested for input two times. Please, select 'OK' on the first question, and 'Yes' to the second question.

If there are already other Java VM's installed to the system, consider to set JDK6 ("/usr/lib/jvm/java-6-sun/jre/bin/java(c)") as default Java runtime environment and compiler.

update-alternatives --config java
update-alternatives --config javac

Then, edit /etc/profile and add the system's environment variable JAVA_HOME to your environment permanently.

export JAVA_HOME=/usr/lib/jvm/java-6-sun

Managing Java Key and Trust Stores

Finally, update the original Java Truststore /etc/java-6-sun/security/cacerts with those certificates relevant to EDIT. WP 5.7 Certification Authority's RootCA provides a Java truststore including the current certificates of its rootCA and serverCA. Set the file's ACL accordingly.

cp /etc/java-6-sun/security/cacerts /etc/java-6-sun/security/cacerts.orig
cp /etc/java-6-sun/security/cacerts
chown root:root /etc/java-6-sun/security/cacerts
chmod 644 /etc/java-6-sun/security/cacerts

Alternatively, you can manage your own Java Truststore and integrate your own certificates, when needed. The following commands show how the EDIT Java Truststore has been created. The default password of the original Java Truststore is changeit.

keytool -import -v -alias EDIT-RootCA -keystore /etc/java-6-sun/security/cacerts -storepass changeit -file /etc/ssl/certs/EDIT-WP5.7-cacert.pem
keytool -import -v -alias EDIT-ServerCA -keystore /etc/java-6.0-sun/security/cacerts -storepass changeit -file /etc/ssl/certs/EDIT-WP5.7-ServerCA-cacert.pem

Alternatively, IBM KeyMan is a comfortable Java keystore management tool.

PKCS!#12 Keystore creation

In order to handle SSL connections, keystores containing the servers key, certificate and the CA certificate chain to the server's certificate are often required by application.

Presuming, the files are available as PEM-encoded files, a likely PKCS!#12 keystore can be created using OpenSSL. Though, the following command create a PKCS!#12 keystore (server.p12) using openssl from the server's PEM encoded certificate (server-cert.pem) and key file (server-key.pem) and the CA certificate chain file (cert-chain.pem), and protects it by the password "secret"

openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem -out server.p12 -name tomcat -CAfile cert-chain.pem -chain -passout pass:secret

Convert PKCS!#12 Keystore to JKS

If you need to reuse an already created PKCS!#12 Keystore in JKS format, using the following Java keytool command a PKCS!#12 Keystore can be converted into a JKS keystore

keytool -importkeystore -srckeystore keystore.p12 -destkeystore keystore.jks -srcstoretype pkcs12 -deststoretype jks -srcstorepass secret -deststorepass secret

Updated by Lutz Suhrbier over 11 years ago ยท 8 revisions