Closed ghmer closed 5 months ago
you can change openidm/conf/boot/boot.properties
openidm.keystore.type=JCEKS
openidm.truststore.type=JKS
openidm.keystore.provider=SunJCE
openidm.truststore.provider=SUN
openidm.keystore.location=security/keystore.jceks
openidm.truststore.location=security/truststore
# Keystore password, adjust to match your keystore and protect this file
openidm.keystore.password=changeit
openidm.truststore.password=changeit
Describe the bug Openidm uses its own truststore, rather than using the default cacerts. As this truststore seems to be pretty old, in example, LetsEncrypt certificates are not accepted. This breaks connectors et al. Those were introduced with Java1.8.101 or something like that, so several years ago!!
To Reproduce Steps to reproduce the behavior:
Expected behavior The product should not use its own (oooooold!) truststore and instead use the default cacerts file that is shipped with the jre/jdk.