Overview

Universal Controller requires a truststore (keystore) in order to support SSL/TLS validation and encryption for LDAPS and HTTPS communications. The truststore will contain the server certificates or the root certificate (Certificate Authority) that issued the server certificate.

Universal Controller truststore uses the Oracle Java keystore format (JKS). By default, and without further configuration, the Java keystore will be used. The Java keystore (cacerts) is located in the /lib/security sub-directory of the JRE home directory.

Server certificates can be imported using the Oracle Java keytool utility, which can be found in the bin sub-directory of the JRE home directory. 

You can also manage certificates through the controller UI using TrustStore Settings on the administration navigation pane. 

JRE version-specific documentation for the keytool utility can be found at docs.oracle.com. For JRE 8, the documentation is available at http://docs.oracle.com/javase/8/docs/technotes/tools/windows/keytool.html.

Configuring Universal Controller

If you choose not to use the JRE keystore, you must configure the following properties in the Universal Controller Start-up Properties (uc.properties) file:

• uc.trustmanager.truststore
• uc.trustmanager.truststore.password

These properties will take effect only after you restart Tomcat.

Importing Server Certificates

You can import certificates using TrustStore Settings on the administration navigation pane of the controller or the Oracle Java keytool command:

keytool -keystore $JAVA_HOME/lib/security/cacerts -importcert -trustcacerts -file server_ca_certificate.pem -alias serverca