Altair® Panopticon


Defining a TrustStore

In scenarios that require TLS-enabled intra-service communication, we need to configure a trustStore. These scenarios include, for instance, LDAP, SAML or OAuth integration.

A trustStore is essentially a keyStore, but where the keyStore is used to store private keys used to identify the server, the trustStore is used to store public keys of trusted Certificate Authorities (CA). The trustStore is used to verify certificates presented to the server when establishing an SSL connection.

Follow the steps below to create a new trustStore, import a certificate and configure Java to use the new trustStore:


1.     Create a new keyStore called truststore:

keytool -genkey -alias truststore -keyalg RSA -keystore truststore.jks


2.     Export a certificate from a keyStore:

keytool -export -keystore keystore.jks -alias myalias -file cert.cer

3.     Import the certificate into the trustStore:

keytool -import -trustcacerts -alias myalias -file cert.cer -keystore truststore.jks


You can also re-use a keyStore as a trustStore in which case the certificate does not need to be exported and imported.
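
The three keytool steps above, as an added example (not Altair's own script): it runs them non-interactively in a scratch directory and then counts the entry types the resulting trustStore holds. The password, the -dname values and the stand-in keystore.jks are constructed for the demo, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: steps 1-3 run without prompts, then an entry-type check.
# Constructed for the demo: the password, the -dname values, keystore.jks.
# In real use, omit -storepass/-keypass and let keytool prompt for them.
PW='changeit-demo'

# Read `keytool -list` output on stdin and count entries by type.
classify_entries() {
  awk '/trustedCertEntry/ {t++} /PrivateKeyEntry/ {p++}
       END {printf "trusted=%d private=%d\n", t, p}'
}

# Steps 1-3 from the page, run inside directory $1.
build_truststore() {
  ( cd "$1" &&
    # Stand-in for the existing server keyStore that step 2 exports from.
    keytool -genkey -alias myalias -keyalg RSA -keysize 2048 -validity 30 \
      -dname 'CN=demo-server' -keystore keystore.jks \
      -storepass "$PW" -keypass "$PW" &&
    # 1. Create a new keyStore called truststore.
    keytool -genkey -alias truststore -keyalg RSA -keysize 2048 -validity 30 \
      -dname 'CN=truststore' -keystore truststore.jks \
      -storepass "$PW" -keypass "$PW" &&
    # 2. Export the certificate (public part only) from the keyStore.
    keytool -export -keystore keystore.jks -alias myalias -file cert.cer \
      -storepass "$PW" &&
    # 3. Import it into the trustStore; -noprompt skips the yes/no question.
    keytool -import -trustcacerts -noprompt -alias myalias -file cert.cer \
      -keystore truststore.jks -storepass "$PW"
  ) </dev/null >/dev/null 2>&1
}

# Print the entry counts for the trustStore in directory $1.
audit_truststore() {
  keytool -list -keystore "$1/truststore.jks" -storepass "$PW" 2>/dev/null \
    | classify_entries
}

if command -v keytool >/dev/null 2>&1; then
  work=$(mktemp -d)
  build_truststore "$work" && audit_truststore "$work"
  rm -rf "$work"
else
  echo "keytool not found on PATH; install a JDK to run the demo" >&2
fi
```

Following the steps as written, the check prints trusted=1 private=1: the key pair generated in step 1 remains in the trustStore as a PrivateKeyEntry next to the imported certificate.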

To configure a trustStore for Apache Tomcat you need to edit the JAVA_OPTS environment variable in the setenv script, located in the Tomcat conf folder.

•  On Windows, setenv.bat:




•  On Linux:

export JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore='/location/to/truststore/truststore.jks'";