Trust a Deploy server's certificate

If you configured your Deploy server to use a self-signed certificate and then added the server to Release, you will notice that testing the connection fails with the following error: The Deploy server is not available.

To instruct Release to trust the Deploy server certificate, you must configure a truststore for Release.

To create a dedicated truststore for Release:

  1. Export the self-signed server certificate from XL_DEPLOY_SERVER_HOME/conf:

    keytool -export -keystore keystore.jks -alias jetty -file XLDeployServerCert.cer

    For more information on the keytool utility, see the Oracle documentation.

  2. Import the certificate, as a trusted certificate, into a separate truststore for Release:

    keytool -import -alias XLDeployServerCert -file XLDeployServerCert.cer -keystore XLRTruststore.jks

  3. Import all certificates from the JRE global truststore:

    keytool -importkeystore \
    -srckeystore /etc/ssl/certs/java/cacerts -srcstoretype JKS \
    -destkeystore XLRTruststore.jks -deststoretype JKS \
    -srcstorepass changeit -deststorepass changeit

    Note: changeit is the default password for the Java system truststore.

    Important: If you do not import all certificates from the JRE global truststore, you may lose HTTPS connectivity with other applications.

  4. Move the truststore XLRTruststore.jks from XL_DEPLOY_SERVER_HOME/conf to XL_RELEASE_SERVER_HOME/conf.
  5. Depending on your system, open the following in a text editor:

    • Unix based system: XL_RELEASE_SERVER_HOME/conf/xlr-wrapper-linux.conf
    • Microsoft Windows: XL_RELEASE_SERVER_HOME/conf/xlr-wrapper-win.conf

  6. Configure Release to use the truststore by adding the following lines, where ‘X’ is the next number in the wrapper.java.additional list:

    wrapper.java.additional.X=-Djavax.net.ssl.trustStore=conf/XLRTruststore.jks
    wrapper.java.additional.X+1=-Djavax.net.ssl.trustStorePassword=password

    Note: To disable SSL verification for Deploy servers, add the following line to XL_RELEASE_SERVER_HOME/conf/deployit-defaults.properties:

    xldeploy.XLDeployServer.verifySSL=false

    To verify self-signed certificates for Release and Deploy, you must supply the public certificate of the Deploy server. Do this by setting the xldeploy.XLDeployServer.verifySSL property mentioned above to the location of the public certificate. For example:

    xldeploy.XLDeployServer.verifySSL=/path/to/the/public/cert/of/Deploy

  7. Start Release

    Operating system      Command
    Microsoft Windows     run.cmd
    Unix-based systems    run.sh

  8. Add the Deploy server.
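
A check that can be run on the truststore after step 3 and before it is moved in step 4, given here as an added example that is not part of the original documentation. It reads `keytool -list` output and confirms that the Deploy certificate is present as a trusted entry, that CA certificates were imported alongside it, and that no private-key entry ended up in the file. The function name `check_truststore` and both sample listings are constructed for illustration.

```shell
# check_truststore ALIAS: reads `keytool -list` output on stdin.
# Example: keytool -list -keystore XLRTruststore.jks | check_truststore XLDeployServerCert
check_truststore() {
    # keytool lists JKS aliases in lower case, so compare case-insensitively.
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    awk -v want="$want" -F', ' '
        /(trustedCertEntry|PrivateKeyEntry|SecretKeyEntry),? *$/ {
            if ($0 !~ /trustedCertEntry,? *$/) { keys++; next }
            certs++
            if (tolower($1) == want) found = 1
        }
        END {
            if (!found)    { print "FAIL: " want " is not a trustedCertEntry"; rc = 1 }
            if (keys > 0)  { print "FAIL: " keys " key entries in a truststore"; rc = 1 }
            if (certs < 2) { print "FAIL: no CA certificates besides the Deploy one"; rc = 1 }
            if (!rc) print "OK: " certs " trusted certificates, " want " present"
            exit rc + 0
        }'
}

# Constructed sample: truststore after steps 2 and 3 (fingerprints shortened).
sample_complete() {
    cat <<'EOF'
Keystore type: JKS
Your keystore contains 3 entries

xldeployservercert, Jan 10, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 11:22:33
debian:example_root_ca_1.pem, Jan 10, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 44:55:66
debian:example_root_ca_2.pem, Jan 10, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 77:88:99
EOF
}

# Constructed sample: the server keystore (private key "jetty") moved by mistake.
sample_server_keystore() {
    cat <<'EOF'
Your keystore contains 1 entry

jetty, Jan 10, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): AA:BB:CC
EOF
}

sample_complete | check_truststore XLDeployServerCert
```

A non-zero exit status means the file should not be used as the Release truststore until the reported entry is fixed.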