diff --git a/ca-certificates-mozilla-prebuilt.changes b/ca-certificates-mozilla-prebuilt.changes
index d39ab36..ee2aaa3 100644
--- a/ca-certificates-mozilla-prebuilt.changes
+++ b/ca-certificates-mozilla-prebuilt.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Aug  8 12:16:30 UTC 2024 - Bernhard Wiedemann <bwiedemann@suse.com>
+
+- Re-create java-cacerts with SOURCE_DATE_EPOCH set
+  for reproducible builds (boo#1229003)
+
 -------------------------------------------------------------------
 Tue Apr 11 14:05:12 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
 
diff --git a/ca-certificates-mozilla-prebuilt.spec b/ca-certificates-mozilla-prebuilt.spec
index 79eb43b..0c06947 100644
--- a/ca-certificates-mozilla-prebuilt.spec
+++ b/ca-certificates-mozilla-prebuilt.spec
@@ -58,6 +58,10 @@ ln -s /var/lib/ca-certificates/pem %{buildroot}/etc/ssl/certs
 ln -s /var/lib/ca-certificates/ca-bundle.pem %{buildroot}/etc/ssl/ca-bundle.pem
 mkdir -p %{buildroot}/usr/share/factory/var/lib
 cp -a /var/lib/ca-certificates %{buildroot}/usr/share/factory/var/lib
+cadir=%{buildroot}/usr/share/factory/var/lib/ca-certificates
+chmod 755 $cadir
+# re-create java-cacerts with SOURCE_DATE_EPOCH set for reproducible builds (boo#1229003)
+trust extract --format=java-cacerts --purpose=server-auth --filter=ca-anchors --overwrite $cadir/java-cacerts
 # need rpm needs to be able to delete the buildroot
 chmod u+w %{buildroot}/usr/share/factory/var/lib/ca-certificates{,/*}
 mkdir -p %{buildroot}%{_tmpfilesdir}