NOVEMBER 20 2007

Specifying the trustStore and keyStore properties


I've written a topic on enabling SSL and another that covers debugging SSL, but what if you don't want to use the default cacerts or keystore (trustStore) files? What if you have to install a new JVM for DST compliance but don't want to share certificate stores among Java apps? Or what if you have a centralized file that you want all of your Java apps to use to enable SSL? In these cases, you can use Java system properties to point the JVM at these files at runtime.

First, understand that there are two files involved:

  • trustStore: file containing certificates of remote systems (servers, clients, etc.). CF/JRun's default trustStore is the cacerts file (cf_root/runtime/jre/lib/security/cacerts or jrun_root/jre/lib/security/cacerts).
  • keyStore: file containing certificates that identify the local system/server. CF/JRun's default keyStore is the trustStore file (cf_root/runtime/lib/trustStore or jrun_root/lib/trustStore).

To use a different file from the defaults at runtime, add the following Java arguments:

-Djavax.net.ssl.trustStore=path_to_truststore
-Djavax.net.ssl.trustStorePassword=truststore_password
-Djavax.net.ssl.keyStore=path_to_keystore
-Djavax.net.ssl.keyStorePassword=keystore_password

*Note: You must restart the JVM for these changes to take effect.

Example: To configure ColdFusion to use a file (sampleCerts) other than the default cacerts certificate file, add the following line to the Java arguments, either in the Java and JVM Settings screen in the CF Admin or in the java.args section of cf_root/runtime/bin/jvm.config:

-Djavax.net.ssl.trustStore=C:/Certs/sampleCerts
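
To confirm after the restart which trust store the JVM actually resolves and which certificates it will trust, the following check can be run with the same Java arguments. It is an added example, not code from the original post; the class name TrustStoreCheck is hypothetical, and the fallback order it mirrors is the standard JSSE one (system property, then jssecacerts, then cacerts).

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name): report the trust store this JVM
// resolves from its system properties and list the certificates it contains.
public class TrustStoreCheck {

    // Mirrors the JSSE lookup order: the javax.net.ssl.trustStore property
    // first, then jssecacerts, then cacerts under java.home/lib/security.
    static File resolveTrustStore() {
        String configured = System.getProperty("javax.net.ssl.trustStore");
        if (configured != null) {
            return new File(configured);
        }
        File securityDir = new File(System.getProperty("java.home"), "lib/security");
        File jssecacerts = new File(securityDir, "jssecacerts");
        return jssecacerts.exists() ? jssecacerts : new File(securityDir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        File store = resolveTrustStore();
        System.out.println("Effective trustStore: " + store.getAbsolutePath());
        if (!store.isFile()) {
            System.out.println("File not found: check the path in the Java arguments.");
            return;
        }
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        String pw = System.getProperty("javax.net.ssl.trustStorePassword");
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(store)) {
            // For a JKS file, a null password skips the integrity check
            // but the certificate entries are still readable.
            ks.load(in, pw == null ? null : pw.toCharArray());
        }
        System.out.println("Entries: " + ks.size());
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                System.out.println(alias + " | " + x509.getSubjectX500Principal().getName()
                        + " | expires " + x509.getNotAfter());
            }
        }
    }
}
```

A file named in javax.net.ssl.trustStore replaces the default cacerts set rather than adding to it, so the listing should include every CA the application needs to reach its remote systems.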

Comments

I'm trying to get more information about deploying CPS. The IT department at my work wants to know more about deploying CPS before we invest in it, but Adobe's Sales Team knows nothing about Contribute Publishing Server. Could you recommend someone who could answer the IT questions?
# Posted By Tom Thompson | 3/20/08 11:58 AM
We are trying to use CPS on a PKI-enabled private Intranet site. When we have PKI enabled for the publishing server app and we try to enable the CPS through Contribute after connecting to our site, Contribute cannot see the publishing server. If we turn off PKI, it can see it. We are using IIS to handle our client certificate requests and Tomcat to run the app. Do you have any suggestions how to get Contribute to see the CPS with PKI enabled?
# Posted By Eric Rubino | 7/9/09 4:38 PM