Note: These instructions are for versions 2015.5 and below.
If you have Jama configured for SSL or you are planning to configure Jama to communicate with other services using SSL (LDAP, SMTP, JIRA, etc.), you will need to add that
server's certificate to the Java KeyStore associated with Jama. It is important to note that if you have several services running SSL and communicating with Jama, you will have to import a separate certificate for each service. This will include the Jama certificate if configured with SSL. The following steps will walk you through how to add a certificate to the Java KeyStore.
- Copy the certificate for the server you are communicating with onto your Jama server. Be sure to note where you save this certificate as you will need it in step 3.
- Navigate to $JRE_HOME/lib/security. Within this folder, you will find the cacerts file.
Note: $JRE_HOME will be different from your $JAVA_HOME. If you do not have a $JRE_HOME configured, you can navigate to: $JAVA_HOME/jre/lib/security.
- Import the certificate with the following command:
keytool -importcert -alias tomcat -keystore cacerts -trustcacerts -file path/to/your/certificate
Note: The password for the cacerts by default is 'changeit'
- Verify that the certificate has been imported successfully with the following command which will port the results into a file called certs.txt:
keytool -list -keystore cacerts > certs.txt
- Restart Tomcat for the change to take effect.
- Repeat the previous steps for any other certificates you need to add.
You can now compare the certificate details with the certificate details shown in your browser. This is usually a small padlock icon in your address bar.
Note: If you are using a self-signed certificate, it is important that the common name (CN) on the certificate is the fully qualified domain name (FQDN) of the application server or this will not work.