How to get the list of default trusted anchors
Article ID: 131791
Updated On:
Products
STARTER PACK-7
CA Rapid App Security
CA API Gateway
Issue/Introduction
Once pkix.useDefaultTrustAnchors is set as true, the gateway will trust the well-known public certificate authorities.
The trusted anchors are from the java, gateway doesn't maintain the list.
The trusted anchors are from the java, gateway doesn't maintain the list.
Environment
Release:
Component: APIGTW
Component: APIGTW
Resolution
Here is the command to list all the trusted anchors, (save to /home/ssgconfig/calist file)
/opt/SecureSpan/JDK/bin/keytool -list -v -keystore /opt/SecureSpan/JDK/jre/lib/security/cacerts >/home/ssgconfig/calist
password:changeit
For those certificates not signed by the issuers in the list, will need to be imported to gateway manually to be trusted.
/opt/SecureSpan/JDK/bin/keytool -list -v -keystore /opt/SecureSpan/JDK/jre/lib/security/cacerts >/home/ssgconfig/calist
password:changeit
For those certificates not signed by the issuers in the list, will need to be imported to gateway manually to be trusted.
Feedback
Yes
No
Powered by
