Question
Zurich
BR
Last activity: 19 Jan 2024 11:07 EST
Configuring PEGA PDC using a custom keystore
We are configuring the PDC in our applications, but for security reasons our application does not use the default Java keystore (/home/tomcat/jdk/jre/lib/security/); instead, we are using a JKS provided by the security team, which contains all of our organization's certificates.
We understand that in order to configure the PDC we need to install the certificate, but we cannot import the certificate into our organization's JKS because it is shared with other applications throughout the company, so we created a customized JKS and imported the PDC certificate into it.
We have tried these steps:
We began by attempting to include the new JKS in the web.xml file for ports 443 and 8843. However, upon starting the environment, we started encountering the same certificate errors in the PDC services.
The second attempt involved introducing the JVM variable (-Djavax.net.ssl.trustStore) in the setenv file, referencing the new JKS created. However, the error persisted.
In the third attempt, we pointed the -Djavax.net.ssl.trustStore var to /home/tomcat/jdk/jre/lib/security/cacerts, and with it we achieved success. We need to know if the use of /cacerts is mandatory to use the PDC.
Image of third attempt:
***Edited by Moderator Marije to add Support Case INC-B466 ; update capability tags***