Overview

Universal Controller requires a truststore (keystore) in order to support SSL/TLS validation and encryption for LDAPS and HTTPS communications. The truststore will contain the server certificates or the root certificate (Certificate Authority) that issued the server certificate.

...

Server certificates can be imported using the Oracle Java keytool utility, which can be found in the bin sub-directory of the JRE home directory. 

JRE version-specific documentation for the keytool utility can be found at docs.oracle.com. For JRE 8, the documentation is available at http://docs.oracle.com/javase/8/docs/technotes/tools/windows/keytool.html.

You can also manage certificates through the controller UI by using TrustStore Settings on the administration navigation pane. 

Anchor
Configuring Universal Controller Configuring Universal Controller

Configuring Universal Controller

If you choose not to use the JRE keystoreTrustStore, you must configure the following properties in the Universal Controller Start-up Properties (uc.properties) file:

• uc.trustmanager.truststore
• uc.trustmanager.truststore.password

These properties will take effect only after you restart Tomcat.

Anchor
Importing Server Certificates Importing Server Certificates

Importing Server Certificates

After you have obtained the certificate, you will need to import the certificate into the truststore. This can be done with the following example keytool command, which will create the keystore if it does not already exist:

keytool -keystore $JAVA_HOME/lib/security/cacerts -importcert -trustcacerts -file server_ca_certificate.pem -alias serverca

You can also import certificates using TrustStore Settings on the administration navigation pane of the controller.