Trusting BankID CA

As of version 3.0 a stricter validation of HTTPS traffic is used. This resulting in not trusting the CA of BankID SSL Root CA v1 which is the issuing CA when using Swedish BankID.  This can be mitigated by replacing the truststore in this article.

By replacing the default cacerts file with the attached file trust, both BankID test- and production server trust will be established.

Instruction

Download the cacerts file.

Replace the attached cacerts located under <install_root>/jre/lib/security/
NB! If you manually added CA trusts to cacerts, you need to readd them to the cacerts file after replacement.

After replacing the file restart the PhenixID service.