After placing certificates in "Ignition\data\certificates\supplemental", into which keystore/truststore are they loaded?
I don't see them in Ignition\lib\runtime\jre-win\lib\security\cacerts, nor do I see them in metro-keystore.
Thanks in advance.
This should be where they end up.
Did you restart the Ignition Gateway after adding certs to that directory?
Yes, I did restart it.
I have a .pfx file in the folder.
But I can't seem to find it in the cacerts.
The one highlighted in yellow is another cert that I inserted manually.
So ideally I would have to have 2 certs.
You need to drop a DER-encoded or PEM-encoded certificate file into that directory, not a PFX file.
Does this load into the "cacerts"?
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream(certPath), certPass);
https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html#getInstance-java.lang.String-
A new KeyStore object encapsulating the KeyStoreSpi implementation from the first Provider that supports the specified type is returned.
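To make the Javadoc sentence above concrete, here is an added example (not code from the thread or from Ignition): it loads or creates a PKCS12 `KeyStore`, reports for each entry whether its certificate is among the JVM's default trust anchors, and shows that those defaults are the same before and after. It assumes Java 11 or later; the class name `KeyStoreScope` and the alias `constructed-alias` are made up for the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class KeyStoreScope {
    // Trust anchors used when no TrustManager is supplied, e.g. ctx.init(keyManagers, null, null).
    static List<X509Certificate> defaultTrustAnchors() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM default trust store (normally cacerts)
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return Arrays.asList(((X509TrustManager) tm).getAcceptedIssuers());
            }
        }
        return Collections.emptyList();
    }

    // Arguments (optional): <path-to-pfx> <password>. A command-line password is for this demo only.
    public static void main(String[] args) throws Exception {
        List<X509Certificate> anchors = defaultTrustAnchors();
        KeyStore ks = KeyStore.getInstance("PKCS12"); // new in-memory object, private to this code
        if (args.length == 2) {
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
        } else {
            ks.load(null, null); // no file given: start from an empty keystore
            if (!anchors.isEmpty()) {
                ks.setCertificateEntry("constructed-alias", anchors.get(0));
            }
        }
        for (String alias : Collections.list(ks.aliases())) {
            System.out.printf("%s: %s, in default trust store: %b%n", alias,
                    ks.isKeyEntry(alias) ? "private key + certificate" : "certificate only",
                    anchors.contains(ks.getCertificate(alias)));
        }
        // Loading or modifying ks does not add anything to the default anchors.
        System.out.println("default anchors before/after: " + anchors.size()
                + "/" + defaultTrustAnchors().size());
    }
}
```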
@Kevin.Herron
can you please help me understand why this piece of code works only when I put the "xyz.pfx" file in the Ignition\data\certificates\supplemental folder?
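import java.io.FileInputStream;
import java.net.http.HttpClient;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

String certPath = "C:\\folder\\xyz.pfx";
String pass = "test_password";
char[] certPass = pass.toCharArray();
try {
    KeyStore keyStore = KeyStore.getInstance("PKCS12");
    keyStore.load(new FileInputStream(certPath), certPass);
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(keyStore, certPass);
    SSLContext ctx = SSLContext.getInstance("TLSv1.3");
    // Null trust managers: the JVM's default trust store is used to validate the server
    ctx.init(keyManagerFactory.getKeyManagers(), null, null);
    HttpClient client = HttpClient.newBuilder().sslContext(ctx).build();
} catch (Exception e) {
    throw new RuntimeException(e);
}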
Without the "xyz.pfx" in the supplemental folder, the code compiles and executes, but I get a "java.net.ConnectException" error.
Sorry, I have no idea why that makes a difference.
I'd only expect it to work if there was actually a PFX at this path containing the appropriate root for whatever server you're talking to.
There is a PFX file in that directory but even if I put it in another directory like
String certPath = "D:\\folder\\xyz.pfx";
it seems to work as long as the PFX file is in the supplemental folder.