If you configured your XL Deploy server to use a self-signed certificate and then added the server to XL Release, you will notice that testing the connection fails with the error The XL Deploy server is not available.

To instruct XL Release to trust the XL Deploy server’s certificate, you need to configure a truststore for XL Release. Usually, you do not want to modify the JRE’s global truststore for this purpose.

To create a dedicated truststore for XL Release:

  1. Export the self-signed server certificate from XL_DEPLOY_SERVER_HOME/conf: keytool -export -keystore keystore.jks -alias jetty -file XLDeployServerCert.cer

    For more information about the keytool utility, refer to the Oracle documentation.

  2. Import the certificate as a trusted certificate into a separate truststore for XL Release:
    keytool -import -alias XLDeployServerCert -file XLDeployServerCert.cer -keystore XLRTruststore.jks

  3. Import all certificates from the JRE global truststore: keytool -importkeystore -srckeystore /etc/ssl/certs/java/cacerts -srcstoretype JKS \ -destkeystore keystore.jks -deststoretype JKS \ -srcstorepass changeit -deststorepass changeit

    Note: changeit is the default password for Java system trustStore.

    Important: If you do not import all certificates from the JRE global truststore, you may lose HTTPS connectivity other applications.

  4. Move the truststore XLRTruststore.jks from XL_DEPLOY_SERVER_HOME/conf to XL_RELEASE_SERVER_HOME/conf.

  5. Configure XL Release to use the truststore by adding the following lines in XL_RELEASE_SERVER_HOME/conf/xlr-wrapper-linux.conf (for Unix) or XL_RELEASE_SERVER_HOME/conf/xlr-wrapper-win.conf (for Microsoft Windows):

    wrapper.java.additional.X=-Djavax.net.ssl.trustStore=conf/XLRTruststore.jks wrapper.java.additional.X+1=-Djavax.net.ssl.trustStorePassword=password

    Where X is the next number in the wrapper.java.additional list.

    Note: For XL Release 7.x and later, disable the verification of SSL for XL Deploy servers under XL_RELEASE_SERVER_HOME/conf/deployit-defaults.properties by adding the following line: xldeploy.XLDeployServer.verifySSL=false

  6. Start XL Release and add the XL Deploy server.