OpenIdentityPlatform/OpenIDM

Product uses wrong truststore

ghmer opened this issue · 1 comments

ghmer commented

Describe the bug
OpenIDM uses its own truststore rather than the default cacerts. As this truststore seems to be pretty old, for example, Let's Encrypt certificates are not accepted. This breaks connectors et al. Those were introduced with Java 1.8.101 or something like that, so several years ago!!

To Reproduce
Steps to reproduce the behavior:

  1. Unzip OpenIDM.
  2. Try to connect an LDAP system via SSL using Let's Encrypt certificates. It will not work; the console will throw exceptions regarding the certificate path.
  3. Stop OpenIDM. Replace security/truststore with the cacerts file.
  4. Try again. This time, connecting the LDAP system via SSL works.

Expected behavior
The product should not use its own (oooooold!) truststore and instead use the default cacerts file that is shipped with the JRE/JDK.

You can change openidm/conf/boot/boot.properties:

openidm.keystore.type=JCEKS
openidm.truststore.type=JKS
openidm.keystore.provider=SunJCE
openidm.truststore.provider=SUN
openidm.keystore.location=security/keystore.jceks
openidm.truststore.location=security/truststore

# Keystore password, adjust to match your keystore and protect this file
openidm.keystore.password=changeit
openidm.truststore.password=changeit
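Before swapping the truststore, a practitioner would want to confirm what the bundled one actually contains. The following is an added example, not code from the issue or from the OpenIDM project: a small POSIX shell check that parses `keytool -list` output and reports whether a given CA alias (the alias name is an assumption; look it up in your JDK's cacerts with `keytool -list`) is present, so the OpenIDM truststore at `security/truststore` can be compared against the JDK's cacerts.

```shell
# truststore_has_alias ALIAS < keytool-list-output
# Returns 0 if a trusted-certificate entry with that alias exists, 1 otherwise.
# keytool prints aliases lower-cased, so the comparison is case-insensitive.
truststore_has_alias() {
    wanted=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    # non-verbose `keytool -list` prints one "alias, date, trustedCertEntry," line per entry
    while IFS= read -r line; do
        case "$line" in
            *trustedCertEntry*)
                entry=$(printf '%s' "$line" | cut -d, -f1 | tr '[:upper:]' '[:lower:]')
                [ "$entry" = "$wanted" ] && return 0
                ;;
        esac
    done
    return 1
}

# count_trusted_entries < keytool-list-output
# Prints the number of trusted CA entries; a very small count is a sign of a stale truststore.
count_trusted_entries() {
    grep -c 'trustedCertEntry'
}

# Constructed sample of `keytool -list` output (aliases and fingerprints are made up),
# used so the functions above can be exercised offline.
SAMPLE_KEYTOOL_OUTPUT='digicertglobalrootca, Jan 1, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA
letsencryptisrgx1, Jan 1, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB'

# Real invocations (password and location taken from boot.properties above):
#   keytool -list -keystore security/truststore -storepass changeit \
#       | truststore_has_alias letsencryptisrgx1 && echo "Let's Encrypt root present in OpenIDM truststore"
#   keytool -list -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit \
#       | truststore_has_alias letsencryptisrgx1 && echo "Let's Encrypt root present in JDK cacerts"
```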