Configure Find to Trust a Custom Certificate Authority

You can configure Find to accept additional Certificate Authority (CA) certificates, beyond the standard ones. This configuration is necessary only when you have configured your IDOL components to use TLS certificates signed by a custom CA.

To configure Find to use a custom CA

  1. Create a truststore file that contains the CA certificate chain. The truststore is the same type of file as a keystore file (see Configure Find to Use SSL). You can create one by using keytool, which comes with the JRE. For example:

    keytool -keystore '.../output-truststore.jks' -importcert -file '.../ca.cert.pem'

    NOTE: Find trusts only the certificates in this store. If you also want to trust the standard CAs, you must add them manually. For example, you can copy the truststore from your JRE and add your custom CAs to it.

  2. Start Find with the Java run command, and include the javax.net.ssl.trustStore argument set to the location of your truststore. For example:

    java -Djavax.net.ssl.trustStore=.../truststore.jks -Didol.find.home=[home directory] -Dserver.port=[port] -jar find.war
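
The approach from the NOTE in step 1 (copy the JRE truststore, then add the custom CA), as an added example that is not part of the original documentation. The function names, the alias custom-ca and the store password changeit (the JRE default) are assumptions; the output path and CA file are supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example: keep the standard CAs and add a custom CA to a new truststore.
# Assumptions: alias "custom-ca", store password "changeit" (the JRE default).

# Print the path of the default truststore (cacerts) of the java on PATH.
jre_cacerts() {
  local home f
  home=$(java -XshowSettings:properties -version 2>&1 |
         sed -n 's/^ *java\.home = //p')
  for f in "$home/lib/security/cacerts" "$home/jre/lib/security/cacerts"; do
    if [ -f "$f" ]; then printf '%s\n' "$f"; return 0; fi
  done
  echo "cacerts not found under $home" >&2
  return 1
}

# build_truststore BASE OUT CA_PEM ALIAS STOREPASS
# Copies BASE to OUT and imports CA_PEM under ALIAS. BASE is never modified.
build_truststore() {
  local base=$1 out=$2 ca=$3 alias=$4 pass=$5
  if [ -e "$out" ]; then echo "refusing to overwrite $out" >&2; return 1; fi
  cp "$base" "$out" || return 1
  # cacerts is often read-only; make the copy writable by its owner only.
  chmod u+w,go-w "$out" || return 1
  keytool -importcert -noprompt -keystore "$out" -storepass "$pass" \
          -alias "$alias" -file "$ca" >/dev/null 2>&1
}

# truststore_has_alias STORE ALIAS STOREPASS: succeeds if ALIAS is in STORE.
truststore_has_alias() {
  keytool -list -keystore "$1" -storepass "$3" -alias "$2" >/dev/null 2>&1
}

# Usage: <this script> OUT_TRUSTSTORE CA_PEM
if [ "$#" -eq 2 ]; then
  # -noprompt skips keytool's trust question, so show the fingerprint here
  # and compare it with the value obtained from the CA owner.
  keytool -printcert -file "$2" | grep -i 'SHA256'
  base=$(jre_cacerts) || exit 1
  build_truststore "$base" "$1" "$2" custom-ca changeit || exit 1
  truststore_has_alias "$1" custom-ca changeit || exit 1
  echo "Start Find with -Djavax.net.ssl.trustStore=$1"
fi
```
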

If you run Find as a service on Windows, you can also add the same arguments to the find.xml file.

If you run Find as a service on Linux, you can add the argument to the existing arguments variable in find.sh for SystemV, find.conf for Upstart, or find.service for systemd.

When you modify the Find configuration by modifying the XML file or start scripts, you must restart Find to apply your configuration changes.

On Upstart, you must also run initctl reload-configuration before you restart, to apply the init file changes. You can then run service find restart to restart the service.

For more information on installing and running Find as a service on Windows or Linux, see Install Find.