Automatic import of trusted certificates to the Java truststore
Note
This document describes how to automatically update the truststore used by Java with your own trusted certificates placed in a local folder.
Configuration
Create a folder reachable by the PAS server where you will place your truststores, such as "PAS-INSTALLATION"\overlay\truststores
Place your custom truststores in the newly created folder (PEM or plain b64; the filename will be used as the alias)
Configure the Java VM option -Dcom.phenixidentity.cacerts.dir and point it to your newly created directory, for example:
-Dcom.phenixidentity.cacerts.dir=overlay\truststores
Restart the PAS service
For information about how to configure Java VM options, see the documentation about extra VM options.
Warning
The destination truststore must be writable by the PAS application. This is usually the file jre/lib/security/cacerts, relative to the installation directory.
Verify
At server startup, lines similar to these will be written to the server.log file:
2022-05-25 16:11:06,114 [NodeVerticle] INFO: Importing CA certs from: C:\Program Files\PhenixID\Server\overlay\truststores
2022-05-25 16:11:06,115 [NodeVerticle] INFO: Importing CA certs to: c:\program files\phenixid\server\jre\lib\security\cacerts
You will also note that the cacerts file is modified at each restart.
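Every file in the import folder becomes a trusted CA for the JVM at the next restart, so it is worth auditing the folder first. The Python script below is an added example, not part of the PhenixID product or its documentation: it checks that each file decodes as PEM or plain base64 into one DER structure and prints its SHA-256 fingerprint for comparison with the value published by the CA. The one-certificate-per-file rule and the structural-only DER check are assumptions of this example.

```python
import base64, binascii, hashlib, re, sys
from pathlib import Path

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def check_der_sequence(der):
    """Structural check only (not a full X.509 parse): one outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("does not start with a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short-form length
        header, length = 2, first
    else:                                 # long-form length: next n bytes
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad DER length field")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER length does not match file content")

def decode_cert_file(text):
    """Return DER bytes from PEM or plain base64 text; ValueError if malformed."""
    blocks = PEM_RE.findall(text)
    if len(blocks) > 1:  # assumption: one certificate per file (filename = alias)
        raise ValueError("more than one certificate in file")
    body = blocks[0] if blocks else text
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}")
    check_der_sequence(der)
    return der

def audit_dir(folder):
    """Map each file name to its SHA-256 fingerprint or an 'ERROR: ...' string."""
    report = {}
    for path in sorted(Path(folder).iterdir()):
        if path.is_file():
            try:
                der = decode_cert_file(path.read_text(encoding="ascii"))
                digest = hashlib.sha256(der).hexdigest().upper()
                report[path.name] = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
            except ValueError as exc:     # also covers non-ASCII (binary) files
                report[path.name] = f"ERROR: {exc}"
    return report

if __name__ == "__main__":                # usage: python audit.py overlay\truststores
    for name, result in audit_dir(sys.argv[1]).items():
        print(f"{name}\t{result}")
```

The fingerprints are colon-separated uppercase hex, the same form keytool -list prints, so the imported entries can be looked up in cacerts after the restart.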