User/Application Certificates Created in $JAVA_HOME/jre/lib/security/jssecacerts Have Dependencies on Mammoth Upgrades that Upgrade Java. (Doc ID 2253796.1)

Last updated on NOVEMBER 06, 2023

Applies to:

Symptoms

User/application generated certificates created in $JAVA_HOME/jre/lib/security/jssecacerts file have dependencies on Mammoth upgrades that upgrade Java.

When a TLS handshake takes place the client will check, in this order,

1. It's truststore (if configured)
2. $JAVA_HOME/jre/lib/security/jssecacerts
3. $JAVA_HOME/jre/lib/security/cacerts

If $JAVA_HOME/jre/lib/security/jssecacerts is used for a TLS handshake, it will be lost after a Java upgrade.  This is true regardless of whether the Java upgrade is a result of a Mammoth upgrade (which upgrades Java) or Java upgrade for another reason.

For example, in the case of a BDA upgrade from V4.5 to V4.7 where Mammoth upgrades Java, after the BDA upgrade is complete it will not be possible to log into Cloudera Manager(CM) using LDAP if the $JAVA_HOME/jre/lib/security/jssecacerts was created by a user/application to be used by CM.

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.