Trust an Deploy server's certificate

If you configured your Deploy server to use a self-signed certificate and then added the server to Release, you will notice that testing the connection fails with the following error: The Deploy server is not available.

To instruct Release to trust the Deploy server certificate, you must configure a truststore for Release.

To create a dedicated truststore for Release:

  1. Export the self-signed server certificate from XL_DEPLOY_SERVER_HOME/conf:

    keytool -export -keystore keystore.jks -alias jetty -file XLDeployServerCert.cer

    For more information on the keytool utility, see the Oracle documentation.

  2. Import the certificate, as a trusted certificate, into a separate truststore for Release:

    keytool -import -alias XLDeployServerCert -file XLDeployServerCert.cer -keystore XLRTruststore.jks
  3. Import all certificates from the JRE global truststore:

    keytool -importkeystore
    -srckeystore /etc/ssl/certs/java/cacerts -srcstoretype JKS \
    -destkeystore keystore.jks -deststoretype JKS \
    -srcstorepass changeit -deststorepass changeit

    Note: changeit is the default password for Java system trustStore.

    Important: If you do not import all certificates from the JRE global truststore, you may lose HTTPS connectivity with other applications.

  4. Move the truststore XLRTruststore.jks from XL_DEPLOY_SERVER_HOME/conf to XL_RELEASE_SERVER_HOME/conf.
  5. Depending on your system, open the following in a text editor :

    • Unix based system: XL_RELEASE_SERVER_HOME/conf/xlr-wrapper-linux.conf
    • Microsoft Windows: XL_RELEASE_SERVER_HOME/conf/xlr-wrapper-win.conf
  6. Configure Release to use the truststore by adding the following line, where ‘X’ is the next number in the list:

    Note: Disable the verification of SSL for Deploy servers under XL_RELEASE_SERVER_HOME/conf/ by adding the following line:


    In order to verify self signed certificates for Release and Deploy, a public certificate of the Deploy Server must be supplied. You can do this by specifying the location of the public certificate in the xldeploy.XLDeployServer.verifySSL property mentioned above. For e.g. xldeploy.XLDeployServer.verifySSL=/path/to/the/public/cert/of/Deploy

  7. Start Release

    Operating system Command
    Microsoft Windows run.cmd
    Unix-based systems
  8. Add the Deploy server.