Configure Data Admin to Trust a Custom Certificate Authority

You can configure Data Admin to accept additional Certificate Authority (CA) certificates, beyond the standard ones. This configuration is necessary only when you have configured your components to use TLS certificates signed by a custom CA.

To configure Data Admin to use a custom CA

  1. Create a truststore file that contains the CA certificate chain. The truststore is the same type of file as a keystore file (see Configure Data Admin to Use SSL). You can create one by using keytool, which is included with the JRE. For example:

    keytool -keystore '.../output-truststore.jks' -importcert -file '.../ca.cert.pem'

    NOTE: Data Admin trusts only the certificates in this truststore. If you also want to trust the standard CAs, you must add them manually. For example, you can copy the truststore from your JRE and add your custom CAs to it.

  2. Start Data Admin with the Java run command, and include the javax.net.ssl.trustStore argument set to the location of your truststore. For example:

    java -Djavax.net.ssl.trustStore=.../truststore.jks -Didol.dataadmin.home=[home directory] -Dserver.port=[port] -jar dataadmin.jar

If you run Data Admin as a service on Windows, you can also add the same arguments to the dataadmin.xml file.

If you run Data Admin as a service on Linux, you can add the argument to the existing arguments variable in dataadmin.sh for SysV, or dataadmin.service for systemd.

When you modify the Data Admin configuration by modifying the XML file or start scripts, you must restart Data Admin to apply your configuration changes.

For more information on installing and running Data Admin as a service on Windows or Linux, see Install Data Admin.
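
The NOTE in step 1 suggests copying the JRE truststore and adding the custom CA to it. The following script is an added example of that approach, not part of the Data Admin documentation. The function names, the custom-ca alias, and the STOREPASS variable are assumptions, as is the store password changeit (the usual default for the JRE cacerts file).

```shell
#!/bin/sh
# Added example: build a truststore that keeps the JRE's standard CAs and
# adds one custom CA. Function names, alias and STOREPASS are illustrative.

# Print the path of the bundled CA truststore under the given Java home.
# Java 9+ and standalone JREs use lib/security; a Java 8 JDK uses jre/lib/security.
find_jre_cacerts() {
    for candidate in "$1/lib/security/cacerts" "$1/jre/lib/security/cacerts"; do
        if [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    echo "no cacerts file found under $1" >&2
    return 1
}

# Usage: build_truststore JAVA_HOME CA_PEM OUTPUT [ALIAS]
build_truststore() {
    java_home=$1
    ca_pem=$2
    output=$3
    ca_alias=${4:-custom-ca}
    storepass=${STOREPASS:-changeit}   # assumed default; override if changed

    [ -f "$ca_pem" ] || { echo "CA certificate not found: $ca_pem" >&2; return 1; }
    [ ! -e "$output" ] || { echo "refusing to overwrite $output" >&2; return 1; }
    cacerts=$(find_jre_cacerts "$java_home") || return 1

    # Work on a copy so the JRE's own truststore is never modified.
    cp "$cacerts" "$output" || return 1
    chmod u+w "$output"

    # Without -noprompt, keytool prints the certificate details and asks for
    # confirmation, so the fingerprint can be checked before it is trusted.
    keytool -importcert -keystore "$output" -storepass "$storepass" \
        -alias "$ca_alias" -file "$ca_pem" || { rm -f "$output"; return 1; }

    # Confirm that the custom CA is now present as a trusted entry.
    keytool -list -keystore "$output" -storepass "$storepass" -alias "$ca_alias"
}

# Run only when called with arguments, for example:
#   sh build-truststore.sh "$JAVA_HOME" ca.cert.pem output-truststore.jks
if [ "$#" -ge 3 ]; then
    build_truststore "$@"
fi
```

Pass the resulting file to Data Admin in the javax.net.ssl.trustStore argument as described in step 2.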