Installing Java7 on Debian Servers

It's a maexotic world ...


Today I wanted to install Java7 JDK on a server with a very minimal Debian base installtion.

First of all add the WebUpd8 teams repository: (Thanks guys!)

$ sudo bash
# cd /etc/apt/sources.list.d/
# cat > webupd8team-java.list <<__EOF__
deb http://ppa.launchpad.net/webupd8team/java/ubuntu precise main
deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu precise main
__EOF__
# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys EEA14886
# aptitude update
# aptitude install oracle-java7-installer

This is where the trouble started.

aptitude should install a package called oracle-java7-installer. The package starts a download from oracle.com. However wget fails, because of certificate validation errors:

Connecting to edelivery.oracle.com|23.57.114.174|:443... connected.
ERROR: cannot verify edelivery.oracle.com’s certificate, issued by
    “/C=US/O=Akamai Technologies Inc/CN=Akamai Subordinate CA 3”:
    Unable to locally verify the issuer’s authority.
To connect to edelivery.oracle.com insecurely, use ‘--no-check-certificate’.
download failed
Oracle JDK 7 is NOT installed.

Google'ing for the reason I found a lot of people having that problem, but all the "solutions" where oviously wrong like

  • delete apt caches and start from scratch
  • get it from somewhere else
  • ...
The problem is clearly a certificate error and has nothing to do with the package or caches or anything else.

I had another machine where a wget https://edelivery.oracle.com/ had no certificate problems. So, where did wget on that machine get the certificate from?

$ cd /tmp
$ strace wget https://edelivery.oracle.com/ 2>&1 | fgrep open
  [ ... ]
open("/usr/lib/ssl/certs/4d654d1d.0", O_RDONLY) = 4
  [ ... ]

There we are, a hashed file that contains the certificate.

$ ls -l /usr/lib/ssl/certs/4d654d1d.0
lrwxrwxrwx 1 root root 30 Aug 3 17:28 /usr/lib/ssl/certs/4d654d1d.0 -> GTE_CyberTrust_Global_Root.pem
$ ls -l /usr/lib/ssl/certs/GTE_CyberTrust_Global_Root.pem
lrwxrwxrwx 1 root root 65 May 12  2011 /usr/lib/ssl/certs/GTE_CyberTrust_Global_Root.pem ->
        /usr/share/ca-certificates/mozilla/GTE_CyberTrust_Global_Root.crt

Ok, one step closer, but where is that file from? Let's see:

$ dpkg -S /usr/share/ca-certificates/mozilla/GTE_CyberTrust_Global_Root.crt
ca-certificates: /usr/share/ca-certificates/mozilla/GTE_CyberTrust_Global_Root.crt

So back to the other Debian box:

# sudo aptitude install ca-certificates

That still didn't fix the problem as the directory still did not exist and the links weren't in there and the hashes neither. A bit more google'ing and I have learned about c_rehash which is in the openssl package that is installed as a dependency of the ca-certificates package. And here are the final commands:

# mkdir /usr/lib/ssl/certs
# cd /usr/lib/ssl/certs
# chmod 755 .
# ln -s /usr/share/ca-certificates/mozilla/* .
# /usr/bin/c_rehash /usr/lib/ssl/certs
# aptitude install oracle-java7-installer

Et voila! Hope that helps!




Comments

Add Comment

Standard emoticons like :-) and ;-) are converted to images.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA