Versions Compared

Old Version 9

changes.mady.by.user Petteri Kivimäki

Saved on

compared with

New Version 10

changes.mady.by.user Petteri Kivimäki

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

When Ubuntu / RHEL packaged Java is used, the described mechanism takes care that the certificate is added to Java trust store too. In addition, added certificates are not lost when Java version is updated.

Note

When AdoptOpenJDK 8 is used instead of OpenJDK 8 the following steps must be completed:

1. Install "ca-certificates-java" -package.

2. Open "/etc/xroad/services/local.conf" file for editing and define a custom trust store by making changes on XROAD_PARAMS variable value. 

Code Block
XROAD_PARAMS="$XROAD_PARAMS -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts "

3. Save the "/etc/xroad/services/local.conf" file after making the required changes.

4. Restart the X-Road services.

Ubuntu 18.04 / 20.04

Info

Java's default trust store: /etc/ssl/certs/java/cacerts

  • Copy the .crt file (PEM) into the /usr/local/share/ca-certificates folder.

  • Run

    "

    sudo update-ca-certificates

    "

    .

RHEL 7 / 8

Info

Java's default trust store: /etc/pki/java/cacerts

  • Copy the .crt file (PEM or DER) into the /etc/pki/ca-trust/source/anchors folder.

  • Run

    "

    sudo update-ca-trust extract

    "

    .

Filter by label (Content by label)
showLabelsfalse
max5
spacesXRDKB
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel = "security" and type = "page" and space = "XRDKB"
labelssecurity


Page Properties
hiddentrue


Related issues