The steps below have to be repeated after every update of PowerFolder Server, because a PowerFolder Server update will also update/replace the Java Runtime Environment with the latest version available at the time of the release! Location of the cacerts file Since we always include the latest Java Runtime Environment (JRE) in our server and client releases, you need to open the cacerts file coming with the JRE and import the certificate obtained before to that keystore file. Importing a server's public certificate to the Java keystore Next we need to import that certificate to the cacerts key-store file. Now you have a copy of the server's public certificate.
Download and start the Portacle application to manage Java key-stores and certificates.To obtain the certificate used by a SSL protected service:
Therefore we will show you how to add your own self-signed certificates or certificates issued and signed by your own CA to the Java key-store.
However when it comes to Java there is no way for the program connecting to services using those certificates to ignore the non-trusted status without changing the code to ignore and raising a possible security issue (e.g. When using a normal web browser to access a SSL secured site, this will not pose a problem, because usually web browsers will let you access sites using those certificates on a more or less difficult way (maybe with a warning). Now when using either a self-signed certificate which haven't been signed by a CA at all or when using a certificate chain which is not included in the trust store, Java (an PowerFolder) will not trust those certificates. Another possibility would be to add the certificate itself in to the key-store, which would have the connecting application trust the certificate. Those two certificates are referred to as certificate chain and are included in the Java key-store, since they are widely used in the world wide web and should therefore be trusted. This intermediate certificate has been signed by the root certificate Go Daddy Class 2 Certification Authority. If we take a look at the certificate used for our public websites, we will notice that the certificate *. has been signed by the certificate intermediate certificate Go Daddy Secure Certification Authority. Java (which PowerFolder is written in) uses an own key-store / trust store, which contains a list of all known CA certificates which are used to issue public certificates, like commonly used for public websites and other services secured by SSL. In certain situations it might be necessary to connect to an external service via SSL, e.g.įor external services, not hosted in the own company, this normally shouldn't pose a problem, however most of the time those services are hosted in-house an therefore use an own certificate issued by a certificate authority (CA) which is also hosted locally within the company and therefore is not trusted on the world wide web, because they are only used by local clients.