Registry key software javasoft java runtime environment

Copy link. Any ETA on when this will be fixed? Because i have issues with the installer too. Hi, All current windows installers support adding registry keys. Yihao-G mentioned this issue Dec 18, Sign up for free to subscribe to this conversation on GitHub.

Already have an account? Sign in. Linked pull requests. You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Hi douph1 - So to be clear there are other vendors who do set the JavaSoft key? Or is it only Oracle that does? All the above Ojdkbuild, Zulu Amazon Project not updated arent dead project?

They will continue to work with old Oracle. Tagging poidasmith. I'm bringing this statement back up again as I haven't seen any mention of it. CurrentVersion from a Desktop support perspective usually means "the last one you installed". From my corner of the world, we had historically targeted whatever java.

But I still have concerns with this mentality. If you're adding java. The code defines it, but at a glance doesn't use it. Would that satisfy folks?

For one, the way the license change in Oracle Java 11 and the pitching of OpenJDK as the proper alternative was communicated, a huge amount of people out there come with the expectation of OpenJDK as a drop-in replacement.

So if they don't get that, they are dissatisfied and probably move on. At the same time, there is a good deal of software out there relying on the current registry entries, and experience shows that adoption of new entries by installers etc will take a while, and then it'll take even longer until all their clients have picked up those new versions for their software. By then, most folks will probably have settled in with a different distribution that fits their needs. I have recently brought one of my own projects up to speed for Java 11, and looking into what OpenJDK installation to suggest to our users was part of it we might move to a bundled JRE in the future though, making the point moot.

But the fact that there isn't a Java 11 installer for Windows was a blocker for me. And an "incompatible" registry key would be as well. While it would be easy to get my own project to use your key, I'd still face a significantly high risk that it won't work with other software of my users, and their dissatisfaction would fall back on me. So right now, I'll go with Ojdkbuild, because it ticks all the boxes and looks the most vendor-neutral. To be a bit more constructive: As suggested before, I'd present the option to create the JavaSoft key in the installer, as most of the other distributions seem to do already.

I also like the idea of not overwriting an existing key. So I would suggest something like. This way, the AdoptOpenJDK installer plays nice with other distributions, yet fulfills all user expectations. And it also "softly" establishes your own key. Tofurther enhance the security of your website, you should evaluate to use theHSTS header.

It allows you to communicate to the browser that your site shouldalways be accessed over https. Using name-based virtual hosts on a secured connection requires carefulconfiguration of the names specified in a single certificate or Tomcat 8.

This tool is included in the JDK. Each entry in a keystore is identified by an alias string. Whilst manykeystore implementations treat aliases in a case insensitive manner, casesensitive implementations are available. The PKCS11 specification,for example, requires that aliases are case sensitive.

To avoid issues relatedto the case sensitivity of aliases, it is not recommended to use aliases thatdiffer only in case. To import an existing certificate into a JKS keystore, please read thedocumentation in your JDK documentation package about keytool.

Note that OpenSSL often adds readable comments before the key, but keytool does not support that. So if your certificate hascomments before the key data, remove them before importing the certificate with keytool.

To create a new JKS keystore from scratch, containing a singleself-signed Certificate, execute the following from a terminal command line:. The RSA algorithm should be preferred as a secure algorithm, and thisalso ensures general compatibility with other servers and components.

This command will create a new file, in the home directory of the userunder which you run it, named '. To specify adifferent location or filename, add the -keystore parameter,followed by the complete pathname to your keystore file,to the keytool command shown above. You will also need toreflect this new location in the server. For example:.

After executing this command, you will first be prompted for the keystorepassword. The default password used by Tomcat is ' changeit ' all lower case , although you can specify a custom password if you like.

You will also need to specify the custom password in the server. Next, you will be prompted for general information about this Certificate,such as company, contact name, and so on. This information will be displayedto users who attempt to access a secure page in your application, so makesure that the information provided here matches what they will expect. Finally, you will be prompted for the key password , which is thepassword specifically for this Certificate as opposed to any otherCertificates stored in the same keystore file.

The keytool promptwill tell you that pressing the ENTER key automatically uses the same passwordfor the key as the keystore.

You are free to use the same password or to selecta custom one. If you select a different password to the keystore password, youwill also need to specify the custom password in the server. If everything was successful, you now have a keystore file with aCertificate that can be used by your server. The exact configuration details depend on which implementation is being used. If the installation uses APR- i. Auto-selection of implementation can be avoided if needed. It is done by specifying a classnamein the protocol attribute of the Connector.

The default value is on and if you specify another value,it has to be a valid OpenSSL engine name. SSLRandomSeed allows to specify a source of entropy.

An example of an APR configuration is:. The configuration options and information on which attributesare mandatory, are documented in the SSL Support section of theHTTP connector configurationreference.

Make sure that you use the correct attributes for the connector youare using. You canchange this to any port number you wish such as to the default port for https communications, which is However, special setup outside the scope of this document is necessary to run Tomcat on portnumbers lower than on many operating systems. If you change the port number here, you should also change the value specified for the redirectPort attribute on the non-SSL connector.

This allows Tomcat to automatically redirect users who attempt to access a page with a security constraint specifying that SSL is required, as required by the Servlet Specification. After completing these configuration changes, you must restart Tomcat asyou normally do, and you should be in business. You should be able to accessany web application supported by Tomcat via SSL.

For example, try:. If this does not work, the following sectioncontains some troubleshooting tips. To obtain and install a Certificate from a Certificate Authority like verisign. To create a CSR follow these steps:. Now you have a file called certreq. In return you get a Certificate. Now that you have your Certificate you can import it into you local keystore.

First of all you have to import a so called Chain Certificate or Root Certificate into your keystore. After that you can proceed with importing your Certificate. Each Certificate Authority tends to differ slightly from the others.

Additionally, the rules thatthe Certificate Authorities use for issuing certifcates change over time. As aresult you may find that the commands given above may need to be modified. Ifyou require assitance then help is available via theApache Tomcat usersmailing list.

Furthermore, if you use the Windows platform, ensure you download theocsp-enabled connector. The basic OCSP-related certificate authority settings in the openssl. The settings above encode the OCSP responder address Note that for the following steps, you must have openssl. To generate an OCSP-enabled certificate:.