Summary
PhenixID products are based on Java, which uses the JRE's trust store by default. This article explains how to configure PhenixID products to use the Windows trust store when they run on a Microsoft Windows system.
Prerequisite
PhenixID product installed on Windows OS.
Overview
JAVA default trust store
In most cases, an application needs a truststore when it communicates over SSL/TLS. Java bundles a truststore called cacerts, which resides in the $JAVA_HOME/jre/lib/security directory.
Make JAVA use Windows trust store
When PhenixID products run in a Microsoft Windows environment, you can configure them to use the Windows trust store, so that Windows administrators can manage the trusted certificates.
Configure the property javax.net.ssl.trustStoreType with the value Windows-ROOT to instruct Java to refer to the native Windows ROOT keystore for trusted certificates, which includes root CAs.
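To see what the JVM will trust under this setting, the following added example (not PhenixID code) opens the same Windows-ROOT keystore, reports roots that are outside their validity period, and optionally attempts a TLS handshake against a host and port given on the command line. The class name and arguments are assumptions made for the example; run it under the same Windows account as the PhenixID service so it sees the same store.

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example, not PhenixID code. Windows only: the Windows-ROOT
// keystore type is provided by the JDK's SunMSCAPI provider.
public class WindowsRootCheck {
    public static void main(String[] args) throws Exception {
        // The store the JVM uses with -Djavax.net.ssl.trustStoreType=Windows-ROOT
        KeyStore roots = KeyStore.getInstance("Windows-ROOT");
        roots.load(null, null); // native store: no file, no password

        int total = 0, invalid = 0;
        for (String alias : Collections.list(roots.aliases())) {
            Certificate c = roots.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate cert = (X509Certificate) c;
            total++;
            try {
                cert.checkValidity(); // throws if expired or not yet valid
            } catch (CertificateException e) {
                invalid++;
                System.out.println("OUTSIDE VALIDITY: " + cert.getSubjectX500Principal().getName()
                        + " (notAfter " + cert.getNotAfter() + ")");
            }
        }
        System.out.println(total + " trusted roots, " + invalid + " outside their validity period");

        if (args.length == 2) { // optional: <host> <port> of a TLS endpoint the product talks to
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(roots);
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, tmf.getTrustManagers(), null);
            try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[0], Integer.parseInt(args[1]))) {
                SSLParameters p = s.getSSLParameters();
                p.setEndpointIdentificationAlgorithm("HTTPS"); // also verify the host name
                s.setSSLParameters(p);
                s.startHandshake(); // SSLHandshakeException if the chain is not trusted
                X509Certificate leaf = (X509Certificate) s.getSession().getPeerCertificates()[0];
                System.out.println("Handshake OK: " + leaf.getSubjectX500Principal().getName());
            }
        }
    }
}
```

A handshake failure here means the server's issuing CA is missing from the Windows trusted root store, which is the condition to fix before switching the product over.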
Configuration
PhenixID Identity Provisioning (PIP)
Configure PIP to use the Windows keystore.
- Open Windows Explorer and find files:
- Provisioning Configurator.vmoptions
- Provisioning Service.vmoptions
- Open the files with a text editor
- Add the following JAVA option to both files
- -Djavax.net.ssl.trustStoreType=Windows-ROOT
- Save and close both files
- Restart PIP service and/or PIP Configurator
NOTE: An upgrade of PIP should keep this setting. But good practice is to verify the setting after an upgrade!
PhenixID Identity Manager (PIM)
Configure PIM to use the Windows keystore.
- Open Windows Explorer and find file:
- PhenixIDIMw.exe (\..\PhenixID\IM\server\bin)
- Launch PhenixIDIMw.exe
- Click JAVA tab
- Add in JAVA options:
- -Djavax.net.ssl.trustStoreType=Windows-ROOT
- Click OK
- Restart PIM service
NOTE: An upgrade of PIM should keep this setting. But good practice is to verify the setting after an upgrade!
PhenixID Authentication Server (PAS)
Please add the following Java option to “phenixidservice.vmoptions”
-Djavax.net.ssl.trustStoreType=Windows-ROOT
DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.
PhenixID - support.phenixid.se