Truststore

Overview

Universal Controller requires a truststore (keystore) in order to support SSL/TLS validation and encryption for LDAPS and HTTPS communications. The truststore will contain the server certificates or the root certificate (Certificate Authority) that issued the server certificate.

Universal Controller truststore uses the Oracle Java keystore format (JKS). By default, and without further configuration, the Java keystore will be used. The Java keystore (cacerts) is located in the /lib/security sub-directory of the JRE home directory.

Server certificates can be imported using the Oracle Java keytool utility, which can be found in the bin sub-directory of the JRE home directory.

JRE version-specific documentation for the keytool utility can be found at docs.oracle.com. For JRE 8, the documentation is available at http://docs.oracle.com/javase/8/docs/technotes/tools/windows/keytool.html.

Configuring Universal Controller

If you choose not to use the JRE keystore, you must configure the following properties in the Universal Controller Start-up Properties (uc.properties) file:

These properties will take effect only after you restart Tomcat.

Importing Server Certificates

After you have obtained the certificate, you will need to import the certificate into the truststore. This can be done with the following example keytool command, which will create the keystore if it does not already exist:


keytool -keystore $JAVA_HOME/lib/security/cacerts -importcert -trustcacerts -file server_ca_certificate.pem -alias serverca