[midPoint] Problem about Keystore Configuration

Wed Nov 14 12:03:24 CET 2018

Hi,

Does anyone successfully override the default JVM keystore/truststore location and point it to the midPoint keystore<https://wiki.evolveum.com/display/midPoint/Keystore+Configuration>? We tried to do that but we have problems.

We tried this...

root at MIDPOINTIDM:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security# -Djavax.net.ssl.trustStore=/opt/midpoint/var/keystore.jceks -Djavax.net.ssl.trustStoreType=jceks
bash: -Djavax.net.ssl.trustStore=/opt/midpoint/var/keystore.jceks: No such file or directory

...but it's says that location does not exist, even it does.

We also tried this...

root at MIDPOINTIDM:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security# java -Djavax.net.ssl.trustStore=/opt/midpoint/var/keystore.jceks -Djavax.net.ssl.trustStoreType=jceks
Usage: java [-options] class [args...]
           (to execute a class)
   or  java [-options] -jar jarfile [args...]
           (to execute a jar file)
where options include:
    -d32          use a 32-bit data model if available
    -d64          use a 64-bit data model if available
    -server       to select the "server" VM
    -zero         to select the "zero" VM
    -dcevm        to select the "dcevm" VM
                  The default VM is server,
                  because you are running on a server-class machine.

    -cp <class search path of directories and zip/jar files>
    -classpath <class search path of directories and zip/jar files>
                  A : separated list of directories, JAR archives,
                  and ZIP archives to search for class files.
    -D<name>=<value>
                  set a system property
    -verbose:[class|gc|jni]
                  enable verbose output
    -version      print product version and exit
    -version:<value>
                  Warning: this feature is deprecated and will be removed
                  in a future release.
                  require the specified version to run
    -showversion  print product version and continue
    -jre-restrict-search | -no-jre-restrict-search
                  Warning: this feature is deprecated and will be removed
                  in a future release.
                  include/exclude user private JREs in the version search
    -? -help      print this help message
    -X            print help on non-standard options
    -ea[:<packagename>...|:<classname>]
    -enableassertions[:<packagename>...|:<classname>]
                  enable assertions with specified granularity
    -da[:<packagename>...|:<classname>]
    -disableassertions[:<packagename>...|:<classname>]
                  disable assertions with specified granularity
    -esa | -enablesystemassertions
                  enable system assertions
    -dsa | -disablesystemassertions
                  disable system assertions
    -agentlib:<libname>[=<options>]
                  load native agent library <libname>, e.g. -agentlib:hprof
                  see also, -agentlib:jdwp=help and -agentlib:hprof=help
    -agentpath:<pathname>[=<options>]
                  load native agent library by full pathname
    -javaagent:<jarpath>[=<options>]
                  load Java programming language agent, see java.lang.instrument
    -splash:<imagepath>
                  show splash screen with specified image
See http://www.oracle.com/technetwork/java/javase/documentation/index.html for more details.

... but we only got Java help.

We have openjdk-8-jre and openjdk-8-jdk installed on our Ubuntu Server 16.04.5 LTS (64-bit). We use MidPoint 3.8.

Best Regards,

Jan Parttimaa

Jan Parttimaa

1602738,

Tietojenkäsittelyn koulutusohjelma,

Haaga-Helia ammattikorkeakoulu, Pasilan kampus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181114/60aa5da5/attachment.htm>