Custom SSL certificates for JDK

Help
21

@raboof thanks for your answer. Unfortunately I can’t give you much of a response, as I’m really new to this ecosystem (Android, actually) and really don’t know what’s what, yet. I’m really just trying to follow the onboarding steps and adapt them to NixOS. I don’t know what these certificates will be used for.

I’ll keep your answer in mind though. Maybe it’ll become clearer in the coming weeks :slight_smile:

22

Anyway, I seem to have found a solution using a very different approach, which seems to also work for the oracle jdks (not sure any of the other advice here would). Please feel free to have a look and comment on that: Altering package (oraclejdk11) installation fails - #2 by mvb

23

I have just discovered this today, sorry for necro-thread! I also need to add a custom root certificate to my JDK so that Keycloak can communicate with LDAP over SSL.

Sadly, it doesn’t work if I have stuff in a flake. I end up with a failure:

building the system configuration...
error:
       … while calling the 'head' builtin

         at /nix/store/lzhqf5y9dcgfkg5f7f96jjc814pgrsqy-source/lib/attrsets.nix:1575:11:

         1574|         || pred here (elemAt values 1) (head values) then
         1575|           head values
             |           ^
         1576|         else

       … while evaluating the attribute 'value'

         at /nix/store/lzhqf5y9dcgfkg5f7f96jjc814pgrsqy-source/lib/modules.nix:809:9:

          808|     in warnDeprecation opt //
          809|       { value = builtins.addErrorContext "while evaluating the option `${showOption loc}':" value;
             |         ^
          810|         inherit (res.defsFinal') highestPrio;

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: attribute 'system' missing

       at /nix/store/lzhqf5y9dcgfkg5f7f96jjc814pgrsqy-source/lib/modules.nix:508:28:

          507|         builtins.addErrorContext (context name)
          508|           (args.${name} or config._module.args.${name})
             |                            ^
          509|       ) (lib.functionArgs f);

my flake code is here, and commented out at the moment, because the flake cannot build: nixos-configuration/hosts/common/default.nix at main - kowis-projects/nixos-configuration - Kowis Software Forge

Thanks in advance for any advice. I don’t yet know enough about nix to figure this one out on my own.