Configure IDOL Data Admin to Trust a Custom Certificate Authority

You can configure IDOL Data Admin to accept additional Certificate Authority (CA) certificates, beyond the standard ones. This configuration is necessary only when you have configured your IDOL components to use TLS certificates signed by a custom CA.

To configure IDOL Data Admin to use a custom CA

  1. Create a truststore file that contains the CA certificate chain. The truststore is the same type of file as a keystore file (see Configure IDOL Data Admin to Use SSL). You can create one by using keytool, which is included with the JRE. For example:

    keytool -keystore '.../output-truststore.jks' -importcert -file '.../ca.cert.pem'

    NOTE: IDOL Data Admin trusts only the certificates in this store. If you also want to trust the standard CAs, you must add them manually. For example, you can copy the truststore from your JRE and add your custom CAs to it.

  2. Start IDOL Data Admin with the Java run command, and include the javax.net.ssl.trustStore argument set to the location of your truststore. For example:

    java -Djavax.net.ssl.trustStore=.../truststore.jks -Didol.dataadmin.home=[home directory] -Dserver.port=[port] -jar dataadmin.jar

If you run IDOL Data Admin as a service on Windows, you can also add the same arguments to the dataadmin.xml file.

If you run IDOL Data Admin as a service on Linux, you can add the argument to the existing arguments variable in dataadmin.sh for SysV, dataadmin.conf for Upstart, or dataadmin.service for systemd.

When you modify the IDOL Data Admin configuration by modifying the XML file or start scripts, you must restart IDOL Data Admin to apply your configuration changes.

On Upstart, you must also run initctl reload-configuration before you restart, to apply the init file changes. You can then run service dataadmin restart to restart the service.

For more information on installing and running IDOL Data Admin as a service on Windows or Linux, see Install IDOL Data Admin.
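
The approach described in the NOTE to step 1 (copy the JRE truststore, then add the custom CA) can be scripted as follows. This is an added example, not part of the IDOL documentation; the file names, the alias, and the TRUSTSTORE_PASS variable are assumptions, and the cacerts locations checked are the usual ones for a JDK or JRE install.

```sh
#!/bin/sh
# Added example: keep the JRE's standard CAs and add a custom CA.
# Paths, the alias and TRUSTSTORE_PASS are placeholders/assumptions.

# Print the JRE's default truststore (cacerts) path; return 1 if absent.
find_jre_cacerts() {
    for candidate in "$1/lib/security/cacerts" "$1/jre/lib/security/cacerts"; do
        if [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Usage: build_truststore JAVA_HOME CA_PEM OUT_TRUSTSTORE [ALIAS]
build_truststore() {
    java_home=$1; ca_pem=$2; out=$3; ca_alias=${4:-custom-ca}
    # "changeit" is the default password of the JRE cacerts file.
    storepass=${TRUSTSTORE_PASS:-changeit}
    if [ ! -f "$ca_pem" ]; then
        echo "CA certificate not found: $ca_pem" >&2; return 1
    fi
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing file: $out" >&2; return 1
    fi
    src=$(find_jre_cacerts "$java_home") || {
        echo "no cacerts file under $java_home" >&2; return 1
    }
    cp "$src" "$out" || return 1
    # -noprompt skips keytool's trust confirmation, so print the certificate
    # first and compare its fingerprint with the value from the CA owner.
    keytool -printcert -file "$ca_pem" >&2 || return 1
    keytool -importcert -noprompt -keystore "$out" -storepass "$storepass" \
        -alias "$ca_alias" -file "$ca_pem" || return 1
    # Confirm the new entry is present in the copied store.
    keytool -list -keystore "$out" -storepass "$storepass" -alias "$ca_alias"
}

# Run only when called with arguments, e.g.:
#   sh build-truststore.sh "$JAVA_HOME" ca.cert.pem truststore.jks idol-ca
if [ "$#" -ge 3 ]; then
    build_truststore "$@"
fi
```

Pass the resulting file to javax.net.ssl.trustStore as in step 2.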