Adding certificates to Java keystore
In certain circumstances, such as adding a product instance or an Active Directory server that have been configured to use HTTPS protocol with self-signed certificates, you may need to import said certificates to OPSWAT Central Management's Java keystore to establish a trusted connection.
Please follow the instructions below to add the certificate to the Java keystore.
From version 7.23.0 on Windows, OPSWAT Central Management is integrated with Windows's Local Machine Certificate Store. Certificates that exist in Windows's Local Machine Certificate Store do not need to be imported to the Java keystore.
- Locate the root certificate file (.crt) for the product instance.
- From an elevated command-line interface, enter the command:
"<Java installation folder>\bin\keytool" -importcert -keystore "<OCM installation folder>\jre11\lib\security\cacerts" -storepass <password> -alias "<alias>" -file "<rootCA.crt path>"Example:"C:\Program Files\OPSWAT\Central\jre11\bin\keytool" -importcert -keystore "C:\Program Files\OPSWAT\Central\jre11\lib\security\cacerts" -storepass changeit -alias "ocmCA" -file "C:\Users\admin\Downloads\ocm.crt"- Restart OPSWAT Central Management for the changes to take effect.
If OPSWAT Central Management was upgraded from a version older than 7.22.0, it is most likely using a user-specified Java 11 distribution. Please refer to (Link Removed) to locate the Java installation being used.