Where can I store trusted root certificates for IMAP connection with SSL



  • Michael Ahn

    I found the solution: Add the cert to the cacerts keystore in the JAVA_HOME on datameer host and all cluster nodes:

    $JAVA_HOME/bin/keytool  -import -trustcacerts -alias AliasRoot -file MyRoot.cer -keystore $JAVA_HOME/jre/lib/security/cacerts

    The default password of caerts is changeit


    Comment actions Permalink
  • Viral Sorathiya

    In my case, it was the issue with the cacerts. Somebuddy added the certs into the cacerts manually by using "$JAVA_HOME/bin/keytool  -import -trustcacerts.......".  And it was working fine until I rebooted the system. When you reboot the system, the system will run "update-ca-trust" and that removed all the certs were added manually (This applies only when you are using the default system location of the cacerts for the application). 

    So the right way of adding the certs is  add all the certs into the /usr/share/pki/ca-trust-source/anchors/. And then check the number of certs are currently added into the cacerts by running "keytool -list -storepass <password> -keystore /usr/lib/jvm/<java-version>/jre/lib/security/cacerts | wc -l". And then run "update-ca-trust". And check the number of certs again to see the difference. 


    thank you 

    Comment actions Permalink

Please sign in to leave a comment.