Update the cacerts keystore file

Applies to User Roles:

System Administrator

If you use a private certificate authority to generate an SSL server certificate, you can add the private certificate authority to the list of trusted certificate authorities that exist in the Java cacerts keystore file. Sun distributes this file with JSSE and with JDK version 1.4.x and later releases. You can then distribute this updated cacerts file to your HPE Service Manager clients so that they can validate the server's signed certificate.

Note: This procedure requires that you install a Java SDK of version 1.4.x or later on the server where you installed your private certificate authority.

To update the cacerts keystore file:

  1. Log on to server where you installed your private certificate authority.
  2. Open the operating systems command prompt.
  3. Change directories to the Java SDK bin folder.
  4. Type the following command to import your private certificate authority's certificate (for example, cacert.pem) into the Java cacerts file that you publish to the rest of your network. Change the path and variables as necessary.
    keytool -import -keystore ./cacerts -trustcacerts -file cacert.pem -storepass changeit
  5. When keytool prompts you, type y to trust the private certificate authority's certificate.