Configuring the JAVA environment

Setting up the environment

After the package installation is complete, the next step is to make sure that the system can properly find the files. If you set up your login scripts as recommended in The Bash Shell Startup Files, update the environment by creating the openjdk.sh script, as the root user:

cat > /etc/profile.d/openjdk.sh << "EOF"
# Begin /etc/profile.d/openjdk.sh

# Set JAVA_HOME directory
JAVA_HOME=/opt/jdk

# Adjust PATH
pathappend $JAVA_HOME/bin

# Add to MANPATH
pathappend $JAVA_HOME/man MANPATH

# Auto Java CLASSPATH: Copy jar files to, or create symlinks in, the
# /usr/share/java directory. Note that having gcj jars with OpenJDK 8
# may lead to errors.

AUTO_CLASSPATH_DIR=/usr/share/java

pathprepend . CLASSPATH

for dir in `find ${AUTO_CLASSPATH_DIR} -type d 2>/dev/null`; do
    pathappend $dir CLASSPATH
done

for jar in `find ${AUTO_CLASSPATH_DIR} -name "*.jar" 2>/dev/null`; do
    pathappend $jar CLASSPATH
done

export JAVA_HOME
unset AUTO_CLASSPATH_DIR dir jar

# End /etc/profile.d/openjdk.sh
EOF

For allowing mandb to include the OpenJDK man pages in its database, issue, as the root user:

cat >> /etc/man_db.conf << "EOF" &&
# Begin Java addition
MANDATORY_MANPATH     /opt/jdk/man
MANPATH_MAP           /opt/jdk/bin     /opt/jdk/man
MANDB_MAP             /opt/jdk/man     /var/cache/man/jdk
# End Java addition
EOF

mkdir -p /var/cache/man &&
mandb -c /opt/jdk/man

Setting up the Certificate Authority Certificates for Java

OpenJDK uses its own format for the CA certificates. The Java security modules use $JAVA_HOME/lib/security/cacerts by default. In order to keep all the certificates in one place, we use /etc/ssl/java/cacerts. That file should be generated using the system PKI trust store. The instructions on the make-ca-0.9 page should be used to update the file located in /etc/ssl/java. Run the conversion and setup a symlink in the default location as the root user:

/usr/sbin/make-ca -g --force &&
ln -sfv /etc/ssl/java/cacerts /opt/jdk/lib/security/cacerts

Use the following commands to check if the cacerts file has been successfully installed:

cd /opt/jdk
bin/keytool -list -cacerts

At the prompt Enter keystore password:, enter changeit (the default) or just press the “Enter” key. If the cacerts file was installed correctly, you will see a list of the certificates with related information for each one. If not, you need to reinstall them.

If you later install a new JVM, you just have to create the symlink in the default location to be able to use the cacerts.

Last updated on 2018-09-05 19:36:36 -0500