Any update of OpenJDK overwrites the file containing the CACERTs accepted by Java (the keystore in Java lingo).
To have Java continue connecting to AIT services with the Insitute self-signed certificates, you must upgrade /usr/local/openjdk7/jre/lib/security/cacerts:
keytool -keystore /usr/local/openjdk7/jre/lib/security/cacerts -importcert \ -trustcacerts -file ~on/SSL/ca/ait-new.crt -alias "ait new bundle (RSA)" \ -storepass changeit keytool -keystore /usr/local/openjdk7/jre/lib/security/cacerts -importcert \ -trustcacerts -file ~on/SSL/ca/ait-itserv.crt -alias "ait old bundle (IDE)" \ -storepass changeitApache-tomcat
An upgrade of Apache-tomcat will reset the ownership of many directories in Apache-tomcat installation to www.
To keep Apache-tomcat running with the user tomcat you must change the wonership back:
sudo chown -R tomcat:tomcat /usr/local/apache=-tomcat-8.0