Can I use a certificate from Verisign, Thawte, or other commercial certificate authority?

Solution Unverified - Updated -

Environment

  • Fuse MB 5.x
  • Fuse MQ Enterprise
  • All Platforms

Issue

  • Can I use a certificate from Verisign, Thawte, or other commercial certificate authority?

  • How do I configure the JVM to use this certificate?

  • Will using keytool import of the certificate into the broker keystore be sufficient or would I also need to install it into the client's trust store?

Resolution

Provided you're using a certificate that has been signed by a well-known trusted CA such as Verisign, RapidSSL, or Thawte, you will not have to add anything to the client's keystore. Clients can use the default "cacerts" certificate store provided with the JVM under jre/lib/security. To actually use the certificate, you can either modify the JVM's default cacerts trust store and add your signed certificate, or create a new trust store containing the CA certificates for your commercial vendor and the signed certificate.
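
The second option above, as an added example that is not part of the original article or Red Hat's own tooling: it creates a new trust store holding the vendor CA certificate and the signed certificate with keytool, then prints the standard javax.net.ssl.trustStore properties that point a JVM at it. The aliases, file names and password are placeholders.

```shell
# Added example: build a dedicated trust store and print the JVM flags for it.
# Aliases, file names and the password are placeholders, not values from the article.

# build_truststore STORE PASS ALIAS=CERTFILE [ALIAS=CERTFILE ...]
# Imports each certificate as a trusted entry. Fails without touching anything
# if STORE already exists or any certificate file is unreadable.
build_truststore() {
  _store=$1; _pass=$2; shift 2
  if [ -e "$_store" ]; then
    echo "refusing to overwrite existing store: $_store" >&2; return 1
  fi
  for _pair in "$@"; do            # validate every input before importing
    if [ ! -r "${_pair#*=}" ]; then
      echo "cannot read certificate: ${_pair#*=}" >&2; return 1
    fi
  done
  for _pair in "$@"; do
    keytool -importcert -noprompt -alias "${_pair%%=*}" -file "${_pair#*=}" \
      -keystore "$_store" -storepass "$_pass" >/dev/null 2>&1 || return 1
  done
}

# truststore_aliases STORE PASS: print the alias of every trusted entry.
truststore_aliases() {
  keytool -list -keystore "$1" -storepass "$2" 2>/dev/null |
    awk -F, '/trustedCertEntry/ { print $1 }'
}

# jvm_truststore_flags STORE PASS: standard JSSE system properties that make
# a JVM use STORE instead of the default cacerts file.
jvm_truststore_flags() {
  printf '%s %s\n' "-Djavax.net.ssl.trustStore=$1" \
                   "-Djavax.net.ssl.trustStorePassword=$2"
}

# Usage (placeholder file names):
#   build_truststore broker-trust.p12 changeit \
#     vendor-ca=vendor-ca.pem broker=broker-signed.pem
#   truststore_aliases broker-trust.p12 changeit
#   java $(jvm_truststore_flags broker-trust.p12 changeit) ...
```

A dedicated store leaves the JVM-wide cacerts file unchanged, so other applications running on the same JVM are unaffected.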
