Trust a Deploy Server's Certificate
This topic provides information about creating and configuring a truststore, importing certificates, and adjusting Release settings to ensure secure communication with the Deploy server.
If you configured your Deploy server to use a self-signed certificate and then added the server to Release, you will notice that testing the connection fails with the following error: The Deploy server is not available.
To instruct Release to trust the Deploy server certificate, you must configure a truststore for Release.
To create a dedicated truststore for Release:
1. Export the self-signed server certificate from XL_DEPLOY_SERVER_HOME/conf:
    keytool -export -keystore keystore.jks -alias jetty -file XLDeployServerCert.cer
   For more information on the keytool utility, see the Oracle documentation.
2. Import the certificate, as a trusted certificate, into a separate truststore for Release:
    keytool -import -alias XLDeployServerCert -file XLDeployServerCert.cer -keystore XLRTruststore.jks
3. Import all certificates from the JRE global truststore:
    keytool -importkeystore \
    -srckeystore /etc/ssl/certs/java/cacerts -srcstoretype JKS \
    -destkeystore keystore.jks -deststoretype JKS \
    -srcstorepass changeit -deststorepass changeit
   changeit is the default password for the Java system truststore.
   If you do not import all certificates from the JRE global truststore, you may lose HTTPS connectivity with other applications.
4. Move the truststore XLRTruststore.jks from XL_DEPLOY_SERVER_HOME/conf to XL_RELEASE_SERVER_HOME/conf.
5. Depending on your system, open the following in a text editor:
   - Unix-based system: XL_RELEASE_SERVER_HOME/conf/xlr-wrapper-linux.conf
   - Microsoft Windows: XL_RELEASE_SERVER_HOME/conf/xlr-wrapper-win.conf
6. Configure Release to use the truststore by adding the following lines, where 'X' is the next number in the wrapper.java.additional list:
    wrapper.java.additional.X=-Djavax.net.ssl.trustStore=conf/XLRTruststore.jks
    wrapper.java.additional.X+1=-Djavax.net.ssl.trustStorePassword=password
Disable the verification of SSL for Deploy servers in XL_RELEASE_SERVER_HOME/conf/deployit-defaults.properties by adding the following line:
    xldeploy.XLDeployServer.verifySSL=false
To verify self-signed certificates for Release and Deploy, a public certificate of the Deploy server must be supplied. You can do this by specifying the location of the public certificate in the xldeploy.XLDeployServer.verifySSL property mentioned above. For example:
    xldeploy.XLDeployServer.verifySSL=/path/to/the/public/cert/of/Deploy
7. Start Release
Operating system | Command |
---|---|
Microsoft Windows | run.cmd |
Unix-based systems | run.sh |
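
The truststore lines in the procedure above need the next free number in the wrapper.java.additional list. The following shell sketch, an added example that is not part of the product documentation, finds that number in a wrapper configuration file and appends the two lines. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and the sample config are hypothetical.

# Print the next free wrapper.java.additional index (highest in use + 1).
# Commented-out entries are ignored.
next_additional_index() {
    awk -F'[.=]' '
        /^[ \t]*wrapper\.java\.additional\.[0-9]+[ \t]*=/ {
            n = $4 + 0; if (n > max) max = n
        }
        END { print max + 1 }' "$1"
}

# Append the trustStore and trustStorePassword options to wrapper config $1.
# $2 = truststore path, $3 = truststore password. Safe to run twice.
add_truststore_options() {
    conf=$1; store=$2; pass=$3
    if grep -Eq '^[[:space:]]*wrapper\.java\.additional\.[0-9]+[[:space:]]*=-Djavax\.net\.ssl\.trustStore=' "$conf"; then
        echo "trustStore already configured in $conf" >&2
        return 0
    fi
    # Make sure the file ends with a newline before appending.
    if [ -n "$(tail -c 1 "$conf")" ]; then echo >> "$conf"; fi
    x=$(next_additional_index "$conf")
    {
        printf 'wrapper.java.additional.%d=-Djavax.net.ssl.trustStore=%s\n' "$x" "$store"
        printf 'wrapper.java.additional.%d=-Djavax.net.ssl.trustStorePassword=%s\n' "$((x + 1))" "$pass"
    } >> "$conf"
}

# Write a constructed sample config (not a real xlr-wrapper-linux.conf) to $1.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample
wrapper.java.additional.1=-Dfile.encoding=UTF-8
wrapper.java.additional.3=-Djava.awt.headless=true
wrapper.java.additional.2=-Xmx1024m
#wrapper.java.additional.9=-Dunused=true
EOF
}

# Demo on a temporary copy of the sample: the new lines get indexes 4 and 5.
tmp=$(mktemp)
make_sample_conf "$tmp"
add_truststore_options "$tmp" conf/XLRTruststore.jks password
cat "$tmp"
rm -f "$tmp"
```
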