User profile for user: nairit
nairit Author
User level: Level 1
4 points

Access denied to /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts although I'm root user

Dear Experts,


I am using OS X El Capitan 10.11.4 on MacBook Pro (Retina, 13-inch, Early 2015), 2.9 GHz Intel Core i5, 8 GB 1867 MHz DDR3, Intel Iris Graphics 6100 1536 MB.


I want to add a Root CA certificate to my root certificate trust store in Java.

Running as root, (or as admin) I try to use the following command :

sudo keytool -import -alias Alias_cert -file /Path_to_cert/CERT.crt -keystore /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacer ts -storepass changeit

But I get the following error :

Trust this certificate? [no]: yes

Certificate was added to keystore

keytool error: java.io.FileNotFoundException: /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacer ts (Operation not permitted)

I have tried to change the access permissions of "cacerts" using sudo chmod but nothing seems to work.

Please help,

Thanks in advance.

Nairit

MacBook Pro, OS X El Capitan (10.11.4)

Posted on Apr 21, 2016 2:14 PM

Reply
1 reply
User profile for user: calope
calope
User level: Level 1
8 points

Aug 2, 2017 2:44 AM in response to nairit

I have the same problem.


I found this solution, but it's very insecure. osx - Operation Not Permitted when on root El capitan (rootless disabled) - Stack Overflow


Summary:


Nvm. For anyone else having this problem you need to reboot your mac and press ⌘+R when booting up. Then go into Utilities > Terminal and type the following commands:

csrutil disable reboot

This is a result of System Integrity Protection. More info here.

There must be another simpler way.


Other solution (I chose this) was rename the link in the jvm used and copy the new cacert in the original path. For example, for JDK 1.6 I did this:


  • /Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security$ mv cacerts cacerts.orig
  • /Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security$ mv <location_path>cacerts .
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Access denied to /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts although I'm root user

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up