jnahas
Joined: Jun 28, 2016
Messages: 16
Hi,

I have faced an issue when setting up a new Prod environment. Here are the environment details:


Apache Tomcat 6.0.24
OD 07.00.18.01
Avaya Aura® Experience Portal 7.0
Java Oracle 1.7.0


When checking the tomcat's runtimeconfig, the keystore was configured as follows:


" Use other: /usr/lib/jvm/jre-1.7.0-Oracle.x86_64/lib/security/cacerts "

But all the Web services connections were failing due to a certificate issue. I enabled SSL debug mode, and could finally see that the actual truststore was being taken from "/usr/local/apache-tomcat-6.0.24/lib/trusted_weblm_certs.jks". This didn't make sense since the runtime config visual interface was showing it pointing to the cacerts file :(

I tried restarting it, and changing it several times, but with no results. Then I installed the WS certificates in trusted_weblm_certs.jks, and everything started working. Yet, the customer wanted the truststore to be the cacerts file, so I found a file inside the /lib in tomcat, named "trustedcert.properties", whose content was:



WebLM.trustStorePath=relative
WebLM.trustStore=/trusted_weblm_certs.jks
WebLM.trustStorePassword=password

#WebLM.trustStorePath=absolute
#WebLM.trustStore=D:/winopenssl/OpenSSL/bin/demoCA/newcerts/weblmserver/trusted_weblm_certs.jks
#WebLM.trustStorePassword=password


I thought that the WebLM.trustStore option was the one in conflict with the configuration on the runtimeconfig, so I renamed the trustedcert.properties to trustedcert.properties.old. The app started to work ok and the truststore was now effectively taken from the cacerts file.

Approximately one month later, the app started failing due to a License issue, and because that trustedcert.properties file was needed for something (OD was working because of the grace period). I renamed it back to the original form. Everything started to work normally again, and the license was now taken from the EP WebLM configured Server. And the keystore is still taken from the cacerts file :)


I would like to ask:

1. What is the function of the trustedcert.properties file?

2. What could have caused that difference between what the runtimeconfig was showing as the keystore (/usr/lib/jvm/jre-1.7.0-oracle.x86_64/lib/security/cacerts), and the actual (/usr/local/apache-tomcat-6.0.24/lib/trusted_weblm_certs.jks)?

3. If you do not set a License Server on the runtimeconfig, it will use the License Server configured on the EP automatically, right?

Thanks in advance!

    WilsonYu
    Joined: Nov 6, 2013
    Messages: 3950
    1. The truststore path in the trustedcert.properties file is only used by the weblm client to talk to weblm server.
    2. When you check Use Other, it should ask you to select the file. Once you've done that, the new path should be saved in the ddconfig.xml file in Tomcat/lib. You can look into the file to verify the change. For example:

    <certificateInfo>
    <useExternal value="false"/>
    <keystore value="C:\Program Files (x86)\Java\jdk1.8.0_25\jre\lib\security\cacerts"/>
    <password value="kReepjP6MWOLn8+iU0612g=="/>
    <certificateWarning value="60"/>
    <extendednamecheck value="false"/>
    </certificateInfo>

    3. Yes, but that is only for weblm. To access a web service, you do need to set your own certificate and truststore.
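
The verification suggested in the reply above can be scripted. The following is an added example, not part of the original thread and not Avaya code: it reads the two files named in the thread and reports which truststore each one points to, so it is visible when the WebLM client and the runtimeconfig setting refer to different stores. The function names and sample inputs are constructed, and resolving a "relative" path against the directory holding trustedcert.properties is an assumption based on the path the poster saw in the SSL debug output.

```python
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the snippets quoted in the thread
# (password lines left out; the checks below do not need them).
TOMCAT_LIB = "/usr/local/apache-tomcat-6.0.24/lib"
SAMPLE_PROPS = """\
WebLM.trustStorePath=relative
WebLM.trustStore=/trusted_weblm_certs.jks
#WebLM.trustStorePath=absolute
"""
SAMPLE_DDCONFIG = """\
<certificateInfo>
  <keystore value="/usr/lib/jvm/jre-1.7.0-Oracle.x86_64/lib/security/cacerts"/>
</certificateInfo>
"""

def read_properties(text):
    """Parse .properties text, skipping blank lines and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def weblm_truststore(props_text, lib_dir):
    """Truststore path configured for the WebLM client, or None if unset."""
    props = read_properties(props_text)
    path = props.get("WebLM.trustStore")
    if path and props.get("WebLM.trustStorePath", "").lower() == "relative":
        # Assumption: relative to the directory holding trustedcert.properties.
        return posixpath.normpath(posixpath.join(lib_dir, path.lstrip("/")))
    return path

def runtime_keystore(ddconfig_xml):
    """Value of <certificateInfo>/<keystore> in ddconfig.xml, or None."""
    root = ET.fromstring(ddconfig_xml)
    info = next(root.iter("certificateInfo"), None)
    keystore = info.find("keystore") if info is not None else None
    return keystore.get("value") if keystore is not None else None

def compare(props_text, ddconfig_xml, lib_dir):
    """Return both configured paths and whether they name different files."""
    weblm = weblm_truststore(props_text, lib_dir)
    runtime = runtime_keystore(ddconfig_xml)
    return {"weblm": weblm, "runtimeconfig": runtime, "differ": weblm != runtime}

print(compare(SAMPLE_PROPS, SAMPLE_DDCONFIG, TOMCAT_LIB))
```

On a real server, pass the contents of trustedcert.properties and ddconfig.xml from Tomcat's lib directory instead of the samples; a "differ" result of True means web service certificates must be imported into the runtimeconfig store, not the WebLM one.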