Creating a TrustStore
If you need to create a TrustStore, follow these steps:
1. Make a copy of the TrustStore of the JVM and import your CA certificates into the copy.
cp $JAVA_HOME/jre/lib/security/cacerts /etc/opt/java/security/cacerts-customized
$JAVA_HOME/bin/keytool -importkeystore -srckeystore /path/to/your-keystore.jks \
    -srcstorepass yourkeystore-password \
    -destkeystore /etc/opt/java/security/cacerts-customized -deststorepass changeit
where your-keystore.jks contains the CA certificate chain that is necessary to authenticate the Tomcat server.
You can save the copy of the cacerts file wherever you want. However, ensure that the user that executes the Tomcat server has read permissions for the file.
2. Change the password of the TrustStore. The default password of the cacerts file of the JVM is changeit.
keytool -storepasswd -keystore <path_to_custom_keystore_file_with_file_name>
Enter keystore password: changeit
New keystore password: new-password
Re-enter new keystore password: new-password
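
The following check script is an added example, not part of the original procedure. It verifies the two properties the steps above depend on: the customized TrustStore is readable but not writable by group or others, and it no longer opens with the default password changeit. The KEYTOOL variable and the function names are assumptions made for this example, and the password check assumes a password-protected store such as the JKS cacerts file.

```shell
#!/bin/sh
# Added example: post-setup checks for a customized TrustStore.
# KEYTOOL is an assumption: override it if keytool is not on PATH.
KEYTOOL="${KEYTOOL:-keytool}"

# Succeeds when the file exists, is readable by the current user, and is
# not writable by group or others (anyone who can write it can add a CA).
truststore_perms_ok() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Succeeds when the store can no longer be opened with the JVM default
# password "changeit", i.e. the password change was actually carried out.
# Returns 2 when keytool cannot be found, so a missing tool is not
# mistaken for a rejected password.
default_password_rejected() {
    command -v "$KEYTOOL" >/dev/null 2>&1 || {
        echo "keytool not found: $KEYTOOL" >&2
        return 2
    }
    ! "$KEYTOOL" -list -keystore "$1" -storepass changeit >/dev/null 2>&1
}

# Runs both checks, prints one line per finding, returns non-zero on failure.
check_truststore() {
    rc=0
    truststore_perms_ok "$1" || {
        echo "FAIL: $1 is missing, unreadable, or group/world-writable"
        rc=1
    }
    default_password_rejected "$1" || {
        echo "FAIL: $1 still opens with the default password (or keytool is missing)"
        rc=1
    }
    if [ "$rc" -eq 0 ]; then echo "OK: $1"; fi
    return "$rc"
}
```

Run check_truststore /etc/opt/java/security/cacerts-customized as the user that executes the Tomcat server, so that the read-permission check reflects what Tomcat will see.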