Hello,
I need to run Alfresco Repository and Share 6.2.2 CE such that all traffic is encrypted. I created a PKI and now I need to import the root CA certificate for both Repository and Share. I ran the usual `update-ca-trust` and I can see my root CA certificate has been added to `/etc/pki/ca-trust/extracted/java/cacerts`. Yet, I still get exceptions looking like `can't build certificate path`.
Someone on my team suggested that it could be because Repository and Share use their own trust stores, not the system ones. Is that true? If yes, were are the trust stores for Repository and Share?
Thanks a lot for any help!
Solved! Go to Solution.
Hi,
OK, a colleague of mine finally found the problem (and the solution). The update-ca-trust command apparently doesn't work very well and I had to manually add the certificate using keytool. For reference the command to use is:
keytool -import -keystore /usr/java/openjdk-11.0.7+10/lib/security/cacerts -file /path/to/myownrootca.crt -alias myrootca -storetype jks -storepass changeit -noprompt -trustcacerts
After that, I couldn't see the "can't build certificate path" exceptions anymore.
They are true.
Hope this helps:
Hi @angelborroy ,
Thanks for the link. Does Alfresco has a default trust store file? Or do I have to create one myself and modify the alfresco-global.properties?
Thanks!
Hi,
OK, a colleague of mine finally found the problem (and the solution). The update-ca-trust command apparently doesn't work very well and I had to manually add the certificate using keytool. For reference the command to use is:
keytool -import -keystore /usr/java/openjdk-11.0.7+10/lib/security/cacerts -file /path/to/myownrootca.crt -alias myrootca -storetype jks -storepass changeit -noprompt -trustcacerts
After that, I couldn't see the "can't build certificate path" exceptions anymore.
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.