Configuring the JAVA environment

Setting up the environment

After the package installation is complete, the next step is to make sure that the system can properly find the files. If you set up your login scripts as recommended in The Bash Shell Startup Files, update the environment by creating the openjdk.sh script, as the root user:

cat > /etc/profile.d/openjdk.sh << "EOF"
# Begin /etc/profile.d/openjdk.sh

# Set JAVA_HOME directory
JAVA_HOME=/opt/jdk

# Adjust PATH
pathappend $JAVA_HOME/bin

# Add to MANPATH
pathappend $JAVA_HOME/man MANPATH

# Auto Java CLASSPATH: Copy jar files to, or create symlinks in, the
# /usr/share/java directory.

AUTO_CLASSPATH_DIR=/usr/share/java

pathprepend . CLASSPATH

for dir in `find ${AUTO_CLASSPATH_DIR} -type d 2>/dev/null`; do
    pathappend $dir CLASSPATH
done

for jar in `find ${AUTO_CLASSPATH_DIR} -name "*.jar" 2>/dev/null`; do
    pathappend $jar CLASSPATH
done

export JAVA_HOME
unset AUTO_CLASSPATH_DIR dir jar

# End /etc/profile.d/openjdk.sh
EOF

If Sudo-1.9.11p3 is installed, the super user should have access to the above variables. Execute the following commands as the root user:

cat > /etc/sudoers.d/java << "EOF"
Defaults env_keep += JAVA_HOME
Defaults env_keep += CLASSPATH
EOF

To use mandb to include the OpenJDK man pages in its database, issue, as the root user:

cat >> /etc/man_db.conf << "EOF" &&
# Begin Java addition
MANDATORY_MANPATH     /opt/jdk/man
MANPATH_MAP           /opt/jdk/bin     /opt/jdk/man
MANDB_MAP             /opt/jdk/man     /var/cache/man/jdk
# End Java addition
EOF

mkdir -p /var/cache/man &&
mandb -c /opt/jdk/man

Setting up the Certificate Authority Certificates for Java

OpenJDK uses its own format for the CA certificates. The Java security modules use $JAVA_HOME/lib/security/cacerts by default. In order to keep all the certificates in one place, we use /etc/ssl/java/cacerts. The instructions on the make-ca-1.10 page previously created the file located in /etc/ssl/java. Setup a symlink in the default location as the root user:

ln -sfv /etc/pki/tls/java/cacerts /opt/jdk/lib/security/cacerts

Use the following command to check if the cacerts file has been successfully installed:

/opt/jdk/bin/keytool -list -cacerts

At the prompt Enter keystore password:, enter changeit (the default) or just press the Enter key. If the cacerts file was installed correctly, you will see a list of the certificates with related information for each one. If not, you need to reinstall them.

If you later install a new JVM, you just have to create the symlink in the default location to be able to use the cacerts.