Tuesday, January 22. 2013
Today I wanted to install Java7 JDK on a server with a very minimal Debian base installtion.
First of all add the WebUpd8 teams repository: (Thanks guys!)
$ sudo bash # cd /etc/apt/sources.list.d/ # cat > webupd8team-java.list <<__EOF__ deb http://ppa.launchpad.net/webupd8team/java/ubuntu precise main deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu precise main __EOF__ # apt-key adv --keyserver keyserver.ubuntu.com --recv-keys EEA14886 # aptitude update # aptitude install oracle-java7-installer
This is where the trouble started.
aptitude should install a package called oracle-java7-installer. The package starts a download from oracle.com. However wget fails, because of certificate validation errors:
Connecting to edelivery.oracle.com|220.127.116.11|:443... connected. ERROR: cannot verify edelivery.oracle.com’s certificate, issued by “/C=US/O=Akamai Technologies Inc/CN=Akamai Subordinate CA 3”: Unable to locally verify the issuer’s authority. To connect to edelivery.oracle.com insecurely, use ‘--no-check-certificate’. download failed Oracle JDK 7 is NOT installed.
Google'ing for the reason I found a lot of people having that problem, but all the "solutions" where oviously wrong like
I had another machine where a wget https://edelivery.oracle.com/ had no certificate problems. So, where did wget on that machine get the certificate from?
$ cd /tmp $ strace wget https://edelivery.oracle.com/ 2>&1 | fgrep open [ ... ] open("/usr/lib/ssl/certs/4d654d1d.0", O_RDONLY) = 4 [ ... ]
There we are, a hashed file that contains the certificate.
$ ls -l /usr/lib/ssl/certs/4d654d1d.0 lrwxrwxrwx 1 root root 30 Aug 3 17:28 /usr/lib/ssl/certs/4d654d1d.0 -> GTE_CyberTrust_Global_Root.pem $ ls -l /usr/lib/ssl/certs/GTE_CyberTrust_Global_Root.pem lrwxrwxrwx 1 root root 65 May 12 2011 /usr/lib/ssl/certs/GTE_CyberTrust_Global_Root.pem -> /usr/share/ca-certificates/mozilla/GTE_CyberTrust_Global_Root.crt
Ok, one step closer, but where is that file from? Let's see:
$ dpkg -S /usr/share/ca-certificates/mozilla/GTE_CyberTrust_Global_Root.crt ca-certificates: /usr/share/ca-certificates/mozilla/GTE_CyberTrust_Global_Root.crt
So back to the other Debian box:
# sudo aptitude install ca-certificates
That still didn't fix the problem as the directory still did not exist and the links weren't in there and the hashes neither. A bit more google'ing and I have learned about c_rehash which is in the openssl package that is installed as a dependency of the ca-certificates package. And here are the final commands:
# mkdir /usr/lib/ssl/certs # cd /usr/lib/ssl/certs # chmod 755 . # ln -s /usr/share/ca-certificates/mozilla/* . # /usr/bin/c_rehash /usr/lib/ssl/certs # aptitude install oracle-java7-installer
Et voila! Hope that helps!
Internet Nexialist, Visionary, Trouble Shooter, Trouble Maker, Friend, Foe
Image made with faceyourmanga.com.