keytool/certificate/encryption woes with Java

I just finished fighting several hours of trying to figure out why I could not access the cacerts in lib/security.

The documentation was clear, but my results kept failing. To view the current certificate authorities in a Java keystore you are supposed to be able to do:

keytool -list -v -keystore $JDK_HOME/jre/library/cacerts

However, I kept on being ask for a password and "changeit" was not being accepted as documented by Sun and other sources.

Even after doing "which keytool" a few times, I still did not notice that I was not running Sun's key tool program because I was seeing a symbolic link in /usr/bin. Finally, I noticed the symbolic link from /usr/bin/keytools was to /etc/alternatives/keytool!

Once I figured that I was running the wrong version, I did an

ls -ld /etc/alternatives grep java

and removed all of the Java files plus keytool and rmiregistry.

I then removed the corresponding symbolic links in /usr/bin. Everything now works because I removed the false Java files from the earlier directories in my path.

I could have avoided the problem if I had just put the Java bin files first. In any case, I have chosen to leave them at the end of my path. I put the Java setup code for my CentOS system in /etc/profile.d/java.sh so that everyone would get the standard Java setup.

[root@anthos ~]# cat /etc/profile.d/java.sh
PATH=$PATH:/usr/local/jdk/latest/jre/bin:/usr/local/jdk/latest/bin:/usr/local/netbeans/latest/bin
export PATH
export JDK_HOME=/usr/local/jdk/latest
export JAVA_HOME=/usr/local/jdk/latest
export CLASSPATH=$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/rt.jar

It is just amazing how much time you can waste on such stupid things!