0

I have an Active Directory controller with LDAPS enabled. When I want Atlassian-products (Jira, Confluence etc.) to use LDAPS towards that controller, it won't trust the certificate.

I have tried importing the CA-certificate into RHEL (using update-ca-trust), and it's imported fine. The issue then is that the CA-certificate is signed using an algorithm not supported by Java (RSASSA-PSS).

Is there a way to directly trust the server certificate (not the CA)?

Gerald Schneider
TeeCee

1 Answer

3

Your Java Virtual Machine has a cacerts Keystore that is supposed to contain any certificate that should be trusted. Despite its name, you may place non-CA certificates in this store and they will still be trusted.

Where exactly this is located depends on your system; I haven’t fooled around much with Java on RHEL, and they like to do things strangely there. But, it is typically located in {JAVA_HOME}/jre/lib/security/cacerts. Use the java keytool to import the certificate. The password for cacerts by default is changeit.

Joe
  • I would put down the actual keytool command to use, but I’m not in the office at the moment. – Joe Apr 08 '19 at 11:56
  • Yeah, it resides in `/etc/pki/java/cacerts` I think. RHEL has a way of updating that, using `update-ca-trust`, where OS + Java has a common way to trust a CA-certificate. So I think that if I add it manually to that keystore, it will be overwritten by `update-ca-trust`, but I can give it a shot. More on this here: https://unix.stackexchange.com/questions/456475/adding-a-root-certification-authority-to-a-java-application – TeeCee Apr 08 '19 at 12:23
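
Added example, not part of the answer or comments above: one way to import the server certificate with keytool into a private copy of the truststore, so that `update-ca-trust` regenerating `/etc/pki/java/cacerts` does not undo it. The host name, alias and `/opt/app/truststore` path are assumptions; `changeit` is the default password mentioned in the answer.

```bash
#!/usr/bin/env bash
# Added example: trust one LDAPS server certificate in a private truststore.
# Host names, aliases and paths used with these functions are assumptions.

# Save the leaf certificate the server presents on host:port as PEM.
fetch_server_cert() {   # usage: fetch_server_cert HOST PORT OUT.pem
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM -out "$3"
}

# Print the SHA-256 fingerprint so it can be compared with the value the
# directory administrator reads from the certificate on the controller.
cert_fingerprint() {    # usage: cert_fingerprint CERT.pem
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Import CERT.pem under ALIAS into DST_STORE. If SRC_STORE is given, DST_STORE
# starts as a copy of it, so the file managed by update-ca-trust is never edited.
import_server_cert() {  # usage: import_server_cert CERT.pem ALIAS DST_STORE [SRC_STORE]
  local pem=$1 alias=$2 dst=$3 src=${4:-} pass=${STOREPASS:-changeit}
  if [ -n "$src" ]; then
    cp "$src" "$dst" && chmod u+w "$dst" || return 1
  fi
  keytool -importcert -noprompt -alias "$alias" -file "$pem" \
          -keystore "$dst" -storepass "$pass" >/dev/null 2>&1 || return 1
  # Succeeds only if the alias is now present in the store.
  keytool -list -alias "$alias" -keystore "$dst" -storepass "$pass" >/dev/null 2>&1
}

# Typical sequence (run manually; values are placeholders):
#   fetch_server_cert dc01.example.test 636 /tmp/dc01.pem
#   cert_fingerprint /tmp/dc01.pem        # verify out of band before importing
#   import_server_cert /tmp/dc01.pem dc01-ldaps /opt/app/truststore /etc/pki/java/cacerts
# then start the JVM with
#   -Djavax.net.ssl.trustStore=/opt/app/truststore -Djavax.net.ssl.trustStorePassword=changeit
```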