If you have configured the DATA Deneb signature service in DATA Boreum, see chapter 5.4, the connections between DATA Boreum and the authentication server and the DATA Deneb signature service are secured via SSL. On the servers running the authentication service and the DATA Deneb signature service, SSL certificates must be stored in the SSL keystores and truststores that originate from official trust service providers (certificate authorities), such as D-Trust or TeleSec. If you use SSL certificates from your own PKI or other self-signed SSL certificates, no SSL connection can be established because there is no way in DATA Boreum to store these SSL certificates.
Workaround SSL certificates
If you have secured the SSL routes with your own SSL certificates, you can store them in the truststore of the Java runtime environment (JDK). This is the place where DATA Boreum looks for trusted SSL certificates.
· JDK truststore: the truststore of a JDK can usually be found in this path:
<JDK installation directory>/lib/security
· Truststore name: The truststore is usually called cacerts (with no other file extension).
· Truststore password: The password for the cacerts file is usually changeit.
· Add SSL certificates: Add your own SSL certificates of the authentication service and the DATA Deneb signature service as "Trusted certificates" to this truststore.
· Restart: Restart DATA Boreum afterwards.