Sync Openfire's truststore with Mozilla's shipped CAs
Description
Need to include letsencrypt CA to support letsencrypt usage by Openfire
Openfire's distributed truststore already has "dst_root_ca_x3", so I have taken the liberty to hijack this ticket to be more general "update truststore" to match what Mozilla provides
So I don't think the latest debian ca-certificates package has letsencrypt CA included, so dwd's approach above won't work in this case (still would be worth doing though). Anyway, while JRE 8 now includes this, openfire does not use it, but provides it own local truststore.
Nathan Neulinger
August 1, 2016 at 1:36 PM
FYI - as of JDK/JRE 8u102 - letsencrypt upstream CA is included in the default trust store.
dna
July 16, 2016 at 8:30 PM
See also
Daryl Herzmann
July 15, 2016 at 4:06 PM
dwd's previous commit may just need to be repeated then. I don't have immediate access to the same directory structure
Need to include letsencrypt CA to support letsencrypt usage by Openfire
Openfire's distributed truststore already has "dst_root_ca_x3", so I have taken the liberty to hijack this ticket to be more general "update truststore" to match what Mozilla provides