Importing certificates into the Java cacerts file

If you are using a certificate signed by a Certificate Authority that is not included in the Java cacerts file by default, you need to complete the following configuration for HTTPS connections between the AX Client and the AX Server to work correctly. The Java cacerts file stores root certificates for the most common CAs, such as VeriSign. If you are using a CA that does not have its root certificate included in the cacerts file by default you need to import it. You may also need to import an intermediate certificate.

This configuration needs to be completed on each end-user computer where AX Client is installed. You can complete the steps below on one computer, and then copy the resulting cacerts file to the specified location on all other computers where AX Client is installed.

To import certificates into cacerts:

  1. Open Windows Explorer and navigate to the cacerts file, which is located in the jre\lib\security subfolder where AX Client is installed. The default location is C:\Program Files\ACL Software\ACL Analytics Exchange Client\jre\lib\security
  2. Create a backup copy of the file before making any changes.
  3. Depending on the certificates you receive from the Certificate Authority you are using, you may need to import an intermediate certificate and/or root certificate into the cacerts file. Use the following syntax to import one or both of these certificates:

    keytool -import -alias <alias> -keystore <cacerts_file> -trustcacerts -file <certificate_filename>

    If you are importing both certificates the alias specified for each certificate should be unique.

  4. Type the password for the keystore at the “Password” prompt and press Enter. The default Java password for the cacerts file is “changeit”.
  5. Type ‘y’ at the “Trust this certificate?” prompt and press Enter.

(C) 2015 ACL Services Ltd. All Rights Reserved.