
Automatic import of trusted certificates to the Java truststore

This document describes how to have PAS automatically import your own trusted certificates, placed in a local folder, into the truststore (cacerts) used by the Java runtime each time the server starts.

Please note that this feature was introduced in PAS 4.4.

System requirements

  • PAS version 4.4 or later

Configuration

  1. Create a folder reachable by the PAS server where you will place your trusted certificates, such as "PAS-INSTALLATION"\overlay\truststore
  2. Place your trusted certificates in the newly created folder (PEM or plain Base64-encoded DER; the filename is used as the alias in the truststore, so use one file per certificate)
  3. Configure the Java option -Dcom.phenixidentity.cacerts.dir and point it to the newly created directory, for example:
    -Dcom.phenixidentity.cacerts.dir=overlay\truststore
    A relative path is resolved from the PAS installation directory (compare the log lines under Verify below); an absolute path avoids any ambiguity.
  4. Restart the PAS service

How to add a Java option to the PAS server is described in a separate instruction.

Note: The destination truststore (the JRE's cacerts file) must be writable by the account the PAS service runs as. Treat the source folder with the same care as the truststore itself: every certificate placed there is trusted by the JVM for all of its TLS connections, so restrict write access to that folder to administrators.

Verify

At server startup, lines similar to these will be written to the server.log file:

2022-05-25 16:11:06,114 [NodeVerticle]  INFO: Importing CA certs from: C:\Program Files\PhenixID\Server\overlay\truststore
2022-05-25 16:11:06,115 [NodeVerticle]  INFO: Importing CA certs to: c:\program files\phenixid\server\jre\lib\security\cacerts

You will also note that the cacerts file is modified at each restart, since the import runs every time the server starts. This is expected, and it also means that should an update replace the cacerts file, the certificates are imported again at the next restart.
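The whole procedure above, together with the checks under Verify, as an added PowerShell example. This is not PhenixID's own code: the installation path, the lookup of the CA in the Windows certificate store, the service account name, the server.log location and the default cacerts password changeit are assumptions, and the Java option itself still has to be added as described in the separate instruction.

```powershell
# Added example, not PhenixID's own code. Assumed: PAS is installed in $pasHome
# with a bundled JRE (jre\bin\keytool.exe), the CA to trust is in the Windows
# machine Root store, and the service account and log path named below.
$pasHome  = 'C:\Program Files\PhenixID\Server'
$trustDir = Join-Path $pasHome 'overlay\truststore'     # -Dcom.phenixidentity.cacerts.dir points here
$cacerts  = Join-Path $pasHome 'jre\lib\security\cacerts'
$keytool  = Join-Path $pasHome 'jre\bin\keytool.exe'
$pasServiceAccount = 'NT AUTHORITY\NETWORK SERVICE'      # assumption: account the PAS service runs as

# Step 1: create the folder that PAS reads at startup.
New-Item -ItemType Directory -Path $trustDir -Force | Out-Null

# Anything in this folder becomes trusted by the JVM, so only administrators
# (and SYSTEM) may write to it; the service account only needs to read it.
icacls $trustDir /inheritance:r `
    /grant:r 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
             "${pasServiceAccount}:(OI)(CI)RX" | Out-Null

# Step 2: export the CA certificate as Base64 PEM. The filename
# (corp-root-ca.pem) is what PAS uses as the alias in cacerts.
$ca = Get-ChildItem Cert:\LocalMachine\Root |
      Where-Object { $_.Subject -like 'CN=Corp Root CA*' } |   # assumption: your CA's subject
      Select-Object -First 1
if (-not $ca) { throw 'CA certificate not found in the machine Root store' }
$b64 = [Convert]::ToBase64String($ca.RawData, [System.Base64FormattingOptions]::InsertLineBreaks)
$pem = "-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----`r`n"
Set-Content -Path (Join-Path $trustDir 'corp-root-ca.pem') -Value $pem -Encoding Ascii -NoNewline

# Step 3: add -Dcom.phenixidentity.cacerts.dir=$trustDir to the PAS Java options
# as described in the separate instruction (that mechanism is not shown here).

# Step 4: restart the service. The service name is discovered, not assumed.
$svc = Get-Service | Where-Object { $_.DisplayName -like '*PhenixID*' } | Select-Object -First 1
if (-not $svc) { throw 'PAS service not found' }
Restart-Service -Name $svc.Name
Start-Sleep -Seconds 30   # give the server time to run the import

# Verify 1: the import was logged (log path is an assumption).
Select-String -Path (Join-Path $pasHome 'logs\server.log') -Pattern 'Importing CA certs' |
    Select-Object -Last 2

# Verify 2: cacerts now holds exactly this certificate. Matching on the SHA-256
# fingerprint printed by keytool -list avoids assuming how PAS derives the alias.
$sha256 = ([System.Security.Cryptography.SHA256]::Create().ComputeHash($ca.RawData) |
           ForEach-Object { $_.ToString('X2') }) -join ':'
$listing = & $keytool -list -keystore $cacerts -storepass changeit 2>&1 | Out-String   # changeit = JDK default
if ($listing -match [regex]::Escape($sha256)) {
    "OK: cacerts contains $($ca.Subject) ($sha256)"
} else {
    Write-Error "Certificate with fingerprint $sha256 not found in $cacerts"
}
```

Run it from an elevated PowerShell on the PAS server. If the bundled JRE's cacerts password has been changed from the JDK default, adjust -storepass accordingly; the fingerprint comparison is the part that actually proves the right certificate landed in the truststore.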