TrustStore
Overview
Universal Controller requires a truststore (keystore) in order to support SSL/TLS validation and encryption for LDAPS and HTTPS communications. The truststore will contain the server certificates or the root certificate (Certificate Authority) that issued the server certificate.
Universal Controller truststore uses the Oracle Java keystore format (JKS). By default, and without further configuration, the Java keystore will be used. The Java keystore (cacerts) is located in the /lib/security
sub-directory of the JRE home directory.
Server certificates can be imported using the Oracle Java keytool utility, which can be found in the bin
sub-directory of the JRE home directory.
JRE version-specific documentation for the keytool utility can be found at docs.oracle.com. For JRE 8, the documentation is available at http://docs.oracle.com/javase/8/docs/technotes/tools/windows/keytool.html.
You can also manage certificates through the controller UI by using TrustStore Settings on the administration navigation pane.
Configuring Universal Controller
If you choose not to use the JRE TrustStore, you must configure the following properties in the Universal Controller Start-up Properties (uc.properties) file:
These properties will take effect only after you restart Tomcat.
Importing Server Certificates
After you have obtained the certificate, you will need to import the certificate into the truststore. This can be done with the following example keytool command, which will create the keystore if it does not already exist:
keytool -keystore $JAVA_HOME/lib/security/cacerts -importcert -trustcacerts -file server_ca_certificate.pem -alias serverca
You can also import certificates using TrustStore Settings on the administration navigation pane of the controller.