My Oracle Support Banner

User/Application Certificates Created in $JAVA_HOME/jre/lib/security/jssecacerts Have Dependencies on Mammoth Upgrades that Upgrade Java. (Doc ID 2253796.1)

Last updated on MAY 06, 2022

Applies to:

Big Data Appliance Integrated Software - Version 4.5.0 and later
Linux x86-64


User/application generated certificates created in $JAVA_HOME/jre/lib/security/jssecacerts file have dependencies on Mammoth upgrades that upgrade Java.

When a TLS handshake takes place the client will check, in this order,

  1. It's truststore (if configured)
  2. $JAVA_HOME/jre/lib/security/jssecacerts
  3. $JAVA_HOME/jre/lib/security/cacerts

If $JAVA_HOME/jre/lib/security/jssecacerts is used for a TLS handshake, it will be lost after a Java upgrade.  This is true regardless of whether the Java upgrade is a result of a Mammoth upgrade (which upgrades Java) or Java upgrade for another reason.

For example, in the case of a BDA upgrade from V4.5 to V4.7 where Mammoth upgrades Java, after the BDA upgrade is complete it will not be possible to log into Cloudera Manager(CM) using LDAP if the $JAVA_HOME/jre/lib/security/jssecacerts was created by a user/application to be used by CM.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 Proactive Workaround
 Reactive Workaround

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.