Description
The documentation on SSL trust management states that if you put pem files in /opt/grouper/certs/client, they get read at startup imported. Where they get imported into is $JAVA_HOME/lib/security/cacerts which is Corretto-specific. However, the Tomcat setenv.sh file has hardcoded
-Djavax.net.ssl.trustStore=/etc/pki/java/cacerts
|
Removing the javax.net.ssl.trustStore jvm parameter allows self-signed certificates to work.