11-30-2020 09:29 AM
Hello,
I need to run Alfresco Repository and Share 6.2.2 CE such that all traffic is encrypted. I created a PKI and now I need to import the root CA certificate for both Repository and Share. I ran the usual `update-ca-trust` and I can see my root CA certificate has been added to `/etc/pki/ca-trust/extracted/java/cacerts`. Yet, I still get exceptions looking like `can't build certificate path`.
Someone on my team suggested that it could be because Repository and Share use their own trust stores, not the system ones. Is that true? If yes, where are the trust stores for Repository and Share?
Thanks a lot for any help!
12-01-2020 10:55 AM
Hi,
OK, a colleague of mine finally found the problem (and the solution). The update-ca-trust command apparently doesn't work very well and I had to manually add the certificate using keytool. For reference the command to use is:
```
keytool -import -keystore /usr/java/openjdk-11.0.7+10/lib/security/cacerts -file /path/to/myownrootca.crt -alias myrootca -storetype jks -storepass changeit -noprompt -trustcacerts
```
After that, I couldn't see the "can't build certificate path" exceptions anymore.
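An added check, not part of the original post or of Alfresco: it tests whether the JVM's `lib/security/cacerts` is the same file that `update-ca-trust` writes, and whether the alias is present in the store the JVM actually reads. The function names are hypothetical; the paths in the usage comment are the ones quoted in this thread.

```bash
#!/bin/sh
# Usage (paths as quoted in the thread):
#   sh check_truststore.sh /usr/java/openjdk-11.0.7+10 \
#       /etc/pki/ca-trust/extracted/java/cacerts myrootca

# Print "same", "separate" or "missing" for the JVM's cacerts relative to
# the system-managed store that update-ca-trust regenerates.
truststore_status() {
    jvm_store="$1/lib/security/cacerts"
    system_store="$2"
    [ -e "$jvm_store" ] || { echo missing; return 0; }
    # -ef is true when both paths resolve to the same file (e.g. a symlink).
    if [ "$jvm_store" -ef "$system_store" ]; then
        echo same
    else
        echo separate
    fi
}

# Succeed if the alias exists in the given keystore (requires keytool).
# The default password "changeit" is the stock cacerts password.
alias_present() {
    keytool -list -keystore "$1" -storepass "${3:-changeit}" \
        -alias "$2" >/dev/null 2>&1
}

report() {
    status="$(truststore_status "$1" "$2")"
    case "$status" in
        same)     echo "JVM reads the system store; update-ca-trust applies." ;;
        separate) echo "JVM has its own cacerts; import the CA there with keytool." ;;
        missing)  echo "No cacerts found under $1."; return 1 ;;
    esac
    if command -v keytool >/dev/null 2>&1; then
        if alias_present "$1/lib/security/cacerts" "$3"; then
            echo "Alias '$3' is in the JVM trust store."
        else
            echo "Alias '$3' is NOT in the JVM trust store."
        fi
    fi
}

# Run only when called with <java_home> <system_store> <alias>.
if [ "$#" -ge 3 ]; then
    report "$1" "$2" "$3"
fi
```

Run it with the Java home of the JVM that starts Repository and Share, since a bundled JDK can differ from the system default.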
11-30-2020 11:05 AM
They are true.
Hope this helps:
11-30-2020 11:42 AM
Hi @angelborroy ,
Thanks for the link. Does Alfresco have a default trust store file? Or do I have to create one myself and modify the alfresco-global.properties?
Thanks!