Panel | |
---|---|
|
Overview
Universal Controller requires a truststore (keystore) in order to support SSL/TLS validation and encryption for LDAPS and HTTPS communications. The truststore will contain the server certificates or the root certificate (Certificate Authority) that issued the server certificate.
...
Server certificates can be imported using the Oracle Java keytool utility, which can be found in the bin
sub-directory of the JRE home directory.
JRE version-specific documentation for the keytool utility can be found at docs.oracle.com. For JRE 8, the documentation is available at http://docs.oracle.com/javase/8/docs/technotes/tools/windows/keytool.html.
You can also manage certificates through the controller UI by using TrustStore Settings on the administration navigation pane.
Anchor | ||||
---|---|---|---|---|
|
If you choose not to use the JRE keystoreTrustStore, you must configure the following properties in the Universal Controller Start-up Properties (uc.properties) file:
These properties will take effect only after you restart Tomcat.
Anchor | ||||
---|---|---|---|---|
|
After you have obtained the certificate, you will need to import the certificate into the truststore. This can be done with the following example keytool command, which will create the keystore if it does not already exist:
Panel |
---|
keytool -keystore $JAVA_HOME/lib/security/cacerts -importcert -trustcacerts -file server_ca_certificate.pem -alias serverca |
You can also import certificates using TrustStore Settings on the administration navigation pane of the controller.