To Add Root Certificates to the Trusted Certificates in the Registry Domain

This task extends the list of trusted certificates in the Application Server registry domain.

Perform this task only if you use a third-party certificate and the root Certificate Authority (CA) certificate for the third party is not already in the Application Server truststore. Do not perform this task if you use only registry-issued certificates.

To determine whether the CA certificate you need is already available, you can use the list.cacerts target of the build-install.xml file:

Ant-base/ant -f build-install.xml -Dinstall.properties=props-file list.cacerts

where props-file is the path name of the copy of install.properties file that you edited in To Configure Service Registry as Root Using Custom Properties After a Configure Later Installation or To Configure Service Registry as a Non-Root User Using Custom Properties After a Configure Later Installation.

1. Download any root certificates that you want to support.

   Sites that provide root certificates include the following:

   • http://www.entrust.net/developer/

   • http://www.geotrust.com/resources/root_certificates/

   • http://www.thawte.com/roots/

   • http://www.verisign.com/support/roots.html

2. If necessary, use the unzip command to extract .cer files from the downloaded archive.

   ---

   Note –

   Some files have the suffix .der.

   ---

3. Copy the .cer files to the directory specified by the registry.install.CACertDir property in your copy of the install.properties file.

   This value is normally ServiceRegistry-base/install/cacerts if you configured as root, or $HOME/srvc-registry/cacerts if you configured as a non-root user.

4. Change to the directory ServiceRegistry-base/install.

5. Run the following command (all on one line):

   Ant-base/ant -f build-install.xml -Dinstall.properties=props-file install.cacerts

   This command installs any certificates found in the directory specified by the registry.install.CACertDir property into the Application Server domain truststore.

   You can use the list.cacerts target again to make sure that the certificates have been installed correctly.

6. Follow the instructions in To Stop and Restart the Application Server Domain for the Registry.