Keystore/truststore file of certs loaded in supplemental folder

After placing certificates in "Ignition\data\certificates\supplemental", which keystore/truststore are they loaded into?

I don't see them in Ignition\lib\runtime\jre-win\lib\security\cacerts, nor do I see them in metro-keystore.

Thanks in advance.

This should be where they end up.

Did you restart the Ignition Gateway after adding certs to that directory?

Yes, I did restart it.

I have a .pfx file in the folder

But I can't seem to find it in the cacerts

The one highlighted in yellow is another cert that I inserted manually,
so ideally I would have to have 2 certs.

You need to drop a DER-encoded or PEM-encoded certificate file into that directory, not a PFX file.

Does this load into the "cacerts"?

KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream(certPath), certPass);

https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html#getInstance-java.lang.String-

A new KeyStore object encapsulating the KeyStoreSpi implementation from the first Provider that supports the specified type is returned.

@Kevin.Herron
can you please help me understand why this piece of code works only when I put the "xyz.pfx" file in the Ignition\data\certificates\supplemental folder?

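import java.io.FileInputStream;
import java.io.IOException;
import java.net.http.HttpClient;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
String certPath = "C:\\folder\\xyz.pfx"; // backslashes must be escaped in a Java string literal
String pass = "test_password";
char[] certPass = pass.toCharArray();
try (FileInputStream in = new FileInputStream(certPath)) { // stream is closed after loading
    KeyStore keyStore = KeyStore.getInstance("PKCS12");
    keyStore.load(in, certPass);
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(keyStore, certPass);
    SSLContext ctx = SSLContext.getInstance("TLSv1.3");
    // Key managers come from the PFX; the trust managers argument is null
    ctx.init(keyManagerFactory.getKeyManagers(), null, null);
    HttpClient client = HttpClient.newBuilder().sslContext(ctx).build();
} catch (IOException | GeneralSecurityException e) {
    throw new IllegalStateException("Could not build the TLS client", e);
}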

Without the "xyz.pfx" in the supplemental folder, the code compiles and executes, but I get a "java.net.ConnectException" error.

Sorry, I have no idea why that makes a difference.

I'd only expect it to work if there was actually a PFX at this path containing the appropriate root for whatever server you're talking to.

There is a PFX file in that directory but even if I put it in another directory like

String certPath = "D:\\folder\\xyz.pfx";

it seems to work as long as the PFX file is in the supplemental folder.
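
An added diagnostic, not code from any post in this thread and not Ignition's own code: the snippet above passes `null` trust managers to `SSLContext.init()`, so JSSE falls back to the JVM default trust managers, and this stand-alone program lists what a PFX actually contains and checks each certificate against those default trust anchors. The class name and the command-line arguments (PFX path and password) are assumptions; it reports on the JVM it runs in and says nothing about how the gateway consumes the supplemental folder.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PfxVersusDefaultTrust { // hypothetical class name
    // Trust anchors the JVM uses when SSLContext.init() is given null trust managers.
    static Set<X509Certificate> defaultAnchors() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = default trust store (cacerts or javax.net.ssl.trustStore)
        Set<X509Certificate> anchors = new HashSet<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                anchors.addAll(Arrays.asList(((X509TrustManager) tm).getAcceptedIssuers()));
            }
        }
        return anchors;
    }

    public static void main(String[] args) throws Exception {
        KeyStore pfx = KeyStore.getInstance("PKCS12");
        if (args.length == 2) { // args: <path to .pfx> <password>, both supplied by the caller
            try (InputStream in = new FileInputStream(args[0])) {
                pfx.load(in, args[1].toCharArray());
            }
        } else {
            pfx.load(null, null); // no arguments: empty in-memory store, only the anchor count prints
        }
        Set<X509Certificate> anchors = defaultAnchors();
        System.out.println("JVM default trust anchors: " + anchors.size());
        for (String alias : Collections.list(pfx.aliases())) {
            Certificate cert = pfx.getCertificate(alias);
            // Key entry = private key + chain (KeyManager material); otherwise certificate only.
            String kind = pfx.isKeyEntry(alias) ? "key entry" : "certificate entry";
            String subject = (cert instanceof X509Certificate)
                ? ((X509Certificate) cert).getSubjectX500Principal().getName() : "n/a";
            System.out.println(alias + " [" + kind + "] " + subject
                + " in default anchors: " + anchors.contains(cert));
        }
    }
}
```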