Update SSL Configuration for Java

Presto Administration : Presto Server Configuration : Configure Presto for SSL and Digital Certificates : Update SSL Configuration for Java

With the EMML <directinvoke> statement, certificates for secure endpoints are validated against the default trust store for Java (the JRE). One-way SSL for mashable information sources may also use the default trust store for Java.

Note:

See http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CustomizingStores for more information on the default JRE trust store.

Initially, this may not be the trust store you have configured for the Presto Server in the application server and/or the Admin Console. This can cause security errors for <directinvoke> statements or mashable information sources.

To avoid these errors, you can configure the JRE to use the trust store for the Presto Server:

1. Open the appropriate startup script (below) for the application server hosting the Presto Server in any text editor:

presto-install/apache-tomee-jaxrs/bin/setenv.bat file for Windows environments

presto-install/apache-tomee-jaxrs/bin/setenv.sh file for Linux, OS/X or UNIX environments

2. Add these system properties in the Java options in this script:

-Djavax.net.ssl.trustStore=/path/to/mashup-server/truststore: this is the absolute path to the trust store for the Presto Server.

-Djavax.net.ssl.trustStorePassword=truststore-password: this is only required if the Presto Server’s trust store uses a password.

3. Save your changes to the script and restart the Presto Server. See Start and Stop the Presto Server for instructions.

Contact Support | Community | Feedback