We have a standalone XMLRPCSERVER that we have used for many years. It points to ExxCACert.jks for the trust store. We added a new target service recently and added the required certificate chain to ExxCACert.jks . It would not work until we added the same cert to cacerts in the JVM . Is that expected behavior? We were under the (apparently mistaken) impression that the only trust store that would matter would be ExxCACert.jks.
Thank you,
James Roe.
Hi James,
are you talking about the SSL communication to the EntireX Broker, or the HTTPS communication to the Web Server?
For Broker communication the trust store can be specified as part of the Broker ID.If a trust store is not specified then the default trust store of the JVM will be used.
The communication to the Web Server always uses the default trust store of the JVM .
You can also force the JVM to use a different (default) trust store by setting the Java property javax.net.ssl.trustStore in your startup script.
Hi Rolf. Thank you. The communication I was referring to was the connection between the XMLRPCSERVER and the target web service (not the broker). I guess I have misunderstood, for years, the purpose of ExxCACerts.jks. This is the first time we have needed to communicate to a web service that has a private CA, so all our previous communications were covered by CAs already present in cacerts. Appreciate your response.
James.