Skip to content

You are here: How to Add an Installer Generated Self-Signed SSL Certificate to Cacerts

Post-Installation Tasks

Configuring Secure Sockets Layer (SSL) Certificate

You can troubleshoot trusted certification issues.

Important: Apple's App Transport Security (ATS) mandates HTTPS for all communication and requires the use of TLS v1.2 or higher for all SSL certificates and load balancers.

For Apple apps to work properly and adhere to App Store guidelines, you must enable your Volt MX Foundry on-premises instance with SSL and configure your network infrastructure to use TLS version 1.2 or higher. For more information, please refer to the following: HCL Basecamp article on ATS Compliance.

After installing Volt MX Foundry on HTTPS, import your SSL certificate (for example, domain.subdomain.crt) into your Volt MX Foundry Installer's JRE trusted certificate authority (CA) certificates file - for example, <INSTALL_DIR>\jre\lib\security\cacerts

If your SSL certificate is not configured, the system displays an error - "peer not authenticated". For details, refer to Troubleshoot with SSL Certificate Issues.

To enable communication between Volt MX Foundry Console and other products such as Volt MX Foundry Integration Services, and Volt MX Foundry Engagement Services, follow these steps:

  • import each product's certificate (VoltMX Foundry Integration, and Volt MX Foundry Engagement Services) into the Volt MX Foundry console (for example, <INSTALL_DIR>\jre\lib\security\cacerts).
  • import console cert into the product boxes cacerts such as Volt MX Foundry Server, Volt MX Foundry Engagement Services, and Volt MX Foundry Management.

How to Add an Installer Generated Self-Signed SSL Certificate to Cacerts

To add an installer generated self-signed certificate to cacerts, follow these steps:

  1. From your Volt MX Foundry installed system, open the Windows command prompt, and run the following command to generate an intermediate.crt file from the keystore:

    \jre\bin\keytool -export -alias "" -file \intermediate.crt -keystore \keystore.jks -storepass

    Based on the hostname and keystore password provided at the SSL Certificate window, the preceding command exports the required certificate from the source keystore with the given name - for example, intermediate.crt.

  2. Run the following command to import the intermediate.crt certificate file into your Volt MX Foundry Installer's JRE trusted certificate authority (CA) certificates file:

    \jre\bin\keytool -import -noprompt -trustcacerts -alias "" -file \intermediate.crt -keystore \jre\lib\security\cacerts -storepass changeit

How to Add an Existing SSL Certificate to Cacerts

If Java does not identify a certificate issuer by default, you need to import an SSL into your cacerts.

To add an existing SSL certificate to cacerts, follow these steps:

Use the following steps to import your existing certificate to cacerts with the proper value of alias, keystore location and keystore password.

  1. From your Volt MX Foundry installed system, open the Windows command prompt, and run the following command to add an intermediate.crt file from the keystore:

    \jre\bin\keytool -export -alias "" -file \intermediate.crt -keystore -storepass

  2. Run the following command to import the intermediate.crt certificate file into your Volt MX Foundry Installer's JRE trusted certificate authority (CA) certificates file:

    \\jre\bin\keytool -import -noprompt -trustcacerts -alias "" -file

    \\intermediate.crt -keystore

    \\jre\lib\security\cacerts -storepass changeit

JDK Version Compatibility

In case if you upgrade your JDK version in your middleware server, to enable JDK version compatibility, make the appropriate changes in an app server's  middleware.properties file located in your middleware server installation folder.

For example: When you upgrade JDK V 1.6 to JDK V 1.7 (vice-versa), you can still run your middleware server. Volt MX Foundry's run-time apps cannot be accessed. If you try to access any apps at runtime, the system throws an error message due to JDK version incompatibility.

  1. In your middleware server installation folder, open the  middleware.properties file located at the below path:

    • for JBoss:`

      \middleware_home\middleware\middleware-bootconfig

      * for Tomcat:\middleware_home\middleware\middleware-bootconfig2. Make the following changes in themiddleware.properties` file.

    • ssl.trustStore=<java_home>/jre/lib/security/cacerts

    • ssl.keyStore=<java_home>/jre/lib/security/cacerts