How to get the list of default trusted anchors


Article ID: 131791


Updated On:

Products

STARTER PACK-7, CA Rapid App Security, CA API Gateway

Issue/Introduction

Once pkix.useDefaultTrustAnchors is set to true, the gateway trusts the well-known public certificate authorities.
The trust anchors come from Java; the gateway does not maintain the list itself.

Environment

Release:
Component: APIGTW

Resolution

The following command lists all the trust anchors and saves the output to the file /home/ssgconfig/calist:
/opt/SecureSpan/JDK/bin/keytool -list -v -keystore /opt/SecureSpan/JDK/jre/lib/security/cacerts >/home/ssgconfig/calist

Keystore password: changeit


Certificates that are not signed by an issuer in the list must be imported into the gateway manually to be trusted.
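
One way to check whether a given issuer is already in the saved list, as an added example that is not part of the original article or the product. The function names and the sample entries are constructed for illustration, and the script assumes keytool's English output layout with the issuer DN written the way keytool prints it.

```shell
#!/bin/sh
# Added example: query saved `keytool -list -v` output (English locale assumed).

# Lower-case a DN and drop spaces after commas so formatting differences
# such as "CN=A, O=B" vs "cn=a,o=b" do not break the comparison.
normalize_dn() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/, */,/g; s/^ *//; s/ *$//'
}

# list_anchors FILE: one line per certificate, "alias<TAB>owner<TAB>not-after".
list_anchors() {
    awk '
        /^Alias name: / { name = substr($0, 13) }
        /^Owner: /      { owner = substr($0, 8) }
        /^Valid from: / { notafter = $0; sub(/^.* until: /, "", notafter)
                          printf "%s\t%s\t%s\n", name, owner, notafter }
    ' "$1"
}

# find_anchor FILE ISSUER_DN: print aliases whose Owner equals ISSUER_DN.
# Exit status is non-zero when no anchor matches (manual import needed).
find_anchor() {
    want=$(normalize_dn "$2")
    list_anchors "$1" | while IFS="$(printf '\t')" read -r name owner notafter; do
        [ "$(normalize_dn "$owner")" = "$want" ] && printf '%s\n' "$name"
    done | grep .
}

# Constructed sample in the layout keytool prints; not real cacerts content.
sample_calist() {
    cat <<'EOF'
Keystore type: JKS
Your keystore contains 2 entries

Alias name: examplerootca
Entry type: trustedCertEntry
Owner: CN=Example Root CA, O=Example Org, C=US
Issuer: CN=Example Root CA, O=Example Org, C=US
Valid from: Wed Jan 01 00:00:00 UTC 2020 until: Tue Jan 01 00:00:00 UTC 2030

Alias name: sampleglobalca
Entry type: trustedCertEntry
Owner: CN=Sample Global CA, OU=PKI, O=Sample Inc, C=DE
Issuer: CN=Sample Global CA, OU=PKI, O=Sample Inc, C=DE
Valid from: Fri Mar 01 00:00:00 UTC 2019 until: Thu Mar 01 00:00:00 UTC 2029
EOF
}

# Demo on the sample; on a gateway, pass /home/ssgconfig/calist instead of "-".
sample_calist | find_anchor - "CN=Example Root CA, O=Example Org, C=US" \
    || echo "no matching trust anchor: import the issuer manually"
```

A DN match is only a first check; compare the SHA256 fingerprint in the keytool output with the CA's published value before relying on the result.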