Where is the truststore located?

cancel
Showing results for 
Search instead for 
Did you mean: 
Partner

Where is the truststore located?

Jump to solution

Hello,

I need to run Alfresco Repository and Share 6.2.2 CE such that all traffic is encrypted. I created a PKI and now I need to import the root CA certificate for both Repository and Share. I ran the usual `update-ca-trust` and I can see my root CA certificate has been added to `/etc/pki/ca-trust/extracted/java/cacerts`. Yet, I still get exceptions looking like `can't build certificate path`.

Someone on my team suggested that it could be because Repository and Share use their own trust stores, not the system ones. Is that true? If yes, were are the trust stores for Repository and Share?

Thanks a lot for any help!

1 Solution

Accepted Solutions
Partner

Re: Where is the truststore located?

Jump to solution

Hi,

OK, a colleague of mine finally found the problem (and the solution). The update-ca-trust command apparently doesn't work very well and I had to manually add the certificate using keytool. For reference the command to use is:

keytool -import -keystore /usr/java/openjdk-11.0.7+10/lib/security/cacerts -file /path/to/myownrootca.crt -alias myrootca -storetype jks -storepass changeit -noprompt -trustcacerts

After that, I couldn't see the "can't build certificate path" exceptions anymore.

View solution in original post

3 Replies
Alfresco Employee

Re: Where is the truststore located?

Jump to solution

They are true.

Hope this helps:

https://hub.alfresco.com/t5/alfresco-content-services-blog/alfresco-mtls-configuration-deep-dive/ba-...

Software Engineer in Alfresco Search Team.
Partner

Re: Where is the truststore located?

Jump to solution

Hi @angelborroy ,

Thanks for the link. Does Alfresco has a default trust store file? Or do I have to create one myself and modify the alfresco-global.properties?

Thanks!

Partner

Re: Where is the truststore located?

Jump to solution

Hi,

OK, a colleague of mine finally found the problem (and the solution). The update-ca-trust command apparently doesn't work very well and I had to manually add the certificate using keytool. For reference the command to use is:

keytool -import -keystore /usr/java/openjdk-11.0.7+10/lib/security/cacerts -file /path/to/myownrootca.crt -alias myrootca -storetype jks -storepass changeit -noprompt -trustcacerts

After that, I couldn't see the "can't build certificate path" exceptions anymore.

View solution in original post