Hi,
We inherited a Java application running on RHEL in AWS late last year. It was provisioned every day, across multiple environments, by an automated build. The application uses its own instance of Java and that hasn't changed. However, it was configured to look out at the system trustStore (/etc/pki/java/cacerts).
All worked fine until 22nd of April (last week) when the application was no longer able to negotiate an SSL Handshake with a downstream server after the nightly build. We have verified the downstream server and nothing changed there.
On closer inspection, though, it just got really weird. We discovered that the trustStorePassword and trustStoreType parameters were never included as JVM arguments:
com.ibm.ssl.trustStore = /etc/pki/java/cacerts - included as a JVM argument
com.ibm.ssl.trustStorePassword = ******** - never included
com.ibm.ssl.trustStoreType = JKS - never included
So my question is, how could the application ever retrieve the signer certs from the store without all 3 arguments being provided?
Thanks.
EddieT