Trying to import a CA root certificate into the JVM trust store
by ernieandbert from LinuxQuestions.org on (#4YHVB)
Starting off by letting you all know that I am a newbie on this!
I have two files that were given to me to add to the trust store to allow our Java application to talk to a fax service. One is api.fax.crt and the other is api.fax.ca.
I have been adding the certs to the servers in the following manner:
Code:
cd /etc/pki/ca-trust/source/anchors/
aws s3 cp s3://BlahBlah/temp/api.fax.ca .
aws s3 cp s3://BlahBlah/temp/api.faxa.crt .
sudo update-ca-trust
sudo service tomcat restart
This does seem to work, but it sometimes takes ten minutes to work and sometimes it takes hours. By working I mean that it lets the code using it communicate with the end fax service.
I read up a bit and found that I should probably be installing these in the JVM trust store.
I tried the following:
Code:
cd /usr/java/latest/lib/security/
aws s3 cp s3://BlahBlah/temp/api.fax.ca .
aws s3 cp s3://BlahBlah/temp/api.fax.crt .
sudo keytool -importcert -noprompt -trustcacerts -alias faxage -file api.fax.com.ca -keystore /usr/java/latest/lib/security/cacerts -storepass blahblah
sudo keytool -importcert -noprompt -trustcacerts -alias faxage2 -file api.fax.com.crt -keystore /usr/java/latest/lib/security/cacerts -storepass blahblah
sudo service tomcat restart
Doing it this way I have never been able to connect to the fax service.
Is there a better way? Should I be adding this to the Java location or the ca-trust location? Should I be adding both the ca and crt files? Why might I be having the delay before it works in the first example?
Thanks all for any insight!!!!
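
An added example, not part of the original post: a guarded version of the keytool import that checks the certificate file before importing and confirms the alias afterwards. In the commands as posted, the files are downloaded as api.fax.ca and api.fax.crt while -file is given api.fax.com.ca and api.fax.com.crt; a mismatch of that kind is caught here before keytool runs. The function names check_cert_files and import_cert are hypothetical; the alias, keystore path and password are the post's own placeholder values.

```sh
#!/bin/sh
# Added example: guarded import of a certificate into a JVM trust store.
# check_cert_files and import_cert are hypothetical helper names.

# Return 0 only if every named file exists, is readable and is non-empty.
# Each failing name is reported on stderr.
check_cert_files() {
    rc=0
    for f in "$@"; do
        if [ ! -r "$f" ] || [ ! -s "$f" ]; then
            echo "missing or empty certificate file: $f" >&2
            rc=1
        fi
    done
    return $rc
}

# import_cert ALIAS FILE KEYSTORE STOREPASS
# Return codes: 2 file problem, 3 not a parsable certificate,
#               4 import failed, 5 alias not found after import.
import_cert() {
    alias_name=$1
    cert_file=$2
    keystore=$3
    storepass=$4

    check_cert_files "$cert_file" || return 2

    # keytool must be able to parse the file as an X.509 certificate.
    keytool -printcert -file "$cert_file" >/dev/null || return 3

    keytool -importcert -noprompt -trustcacerts -alias "$alias_name" \
        -file "$cert_file" -keystore "$keystore" \
        -storepass "$storepass" || return 4

    # Confirm the entry really is in the store the JVM will read.
    keytool -list -alias "$alias_name" -keystore "$keystore" \
        -storepass "$storepass" >/dev/null || return 5
}

# Run only when called with the four arguments, for example:
#   sudo sh import_cert.sh faxage api.fax.ca \
#       /usr/java/latest/lib/security/cacerts blahblah
if [ "$#" -eq 4 ]; then
    import_cert "$@" || exit $?
fi
```

The keystore passed in has to be the cacerts file of the JVM that Tomcat is actually started with, otherwise the import succeeds and the application still does not see the certificate.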

