Creating a TrustStore
If you need to create a TrustStore, follow these steps:
1. Make a copy of the TrustStore of the JVM.

cp $JAVA_HOME/jre/lib/security/cacerts /etc/opt/java/security/cacerts-customized
$JAVA_HOME/bin/keytool -importkeystore -srckeystore /path/to/your-keystore.jks
-srcstorepass yourkeystore-password -destkeystore /etc/opt/java/security/
cacerts-customized -deststorepass changeit
where your-keystore.jks contains the CA certificate chain that is necessary to authenticate the Tomcat server.
You can save the copy of the cacerts file wherever you want. However, ensure that the user that executes the Tomcat server has read permissions for the file.
2. Change the password of the TrustStore. The default password of the cacerts file of the JVM is changeit.
keytool -storepasswd -keystore <path_to custom_keystore_file_with_file_name>
Enter keystore password: changeit
New keystore password: new-password
Re-enter new keystore password: new-password
You will need to set the AZURE_IOT_OPTS environment variable to use the SSL/TLS options that you have configured. Refer to Setting an Environment Variable When Using SSL/TLS.
3. Return to Step 7 of Minimal Configuration for Connecting to a ThingWorx Platform in Single-Server Mode to add the path to and password for your trust store.