---
java_keystore_use_default: false
java_default_keystore: '{{ jdk_java_home }}/jre/lib/security/cacerts'
java_default_truststore: "{{ java_default_keystore }}"
java_keystore_dir: "{{ pki_dir | default('/etc/pki') }}/jdk"
java_keystore_file: "{% if java_keystore_use_default %}{{ java_default_keystore }}{% else %}{{ java_keystore_dir }}/java.jks{% endif %}"
java_truststore_file: "{{ java_keystore_file }}"

java_trusted_certificates_list: []
java_keystore_certs_list: []
java_keystore_cert_alias: '{{ ansible_fqdn }}'
# This is the default password of the JDK keystore. No need to hide it.
# Change it inside a vault file if you need something good
java_keystore_pwd: changeit
java_truststore_pwd: "{{ java_keystore_pwd }}"
java_keystore_letsencrypt_trusted_ca: identrustdstx3
java_import_letsencrypt_cert: true