[midPoint] Problem about Keystore Configuration

Ivan Noris ivan.noris at evolveum.com
Wed Nov 14 12:19:47 CET 2018


Hi,

this is JVM option, not a command line command.

You need to provide that in the same way as the other JVM parameter are
passed to midPoint.


If you are using standalone midPoint, you can do this:

1. create <midpoint>/bin/setenv.sh file (<midpoint> is the directory
where midPoint is installed)

2. set the JAVA_OPTS variable inside that file:

#!/bin/sh

export JAVA_OPTS="$JAVA_OPTS -D.................."


3. make the file executable: chmod 755 setenv.sh

4. start midPoint


This is mentioned also here:
https://wiki.evolveum.com/display/midPoint/Installing+MidPoint+Server


I'm using this to set additional JAVA_OPTS, but have not overriden the
keystore location.


Best regards,

Ivan


On 14. 11. 2018 12:03, Parttimaa Jan wrote:
>
> Hi,
>
>
> Does anyone successfully override the default JVM keystore/truststore
> location and point it to the midPoint keystore
> <https://wiki.evolveum.com/display/midPoint/Keystore+Configuration>?
> We tried to do that but we have problems.
>
>
> We tried this...
>
>
> /root at MIDPOINTIDM:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security#
> -Djavax.net.ssl.trustStore=/opt/midpoint/var/keystore.jceks
> -Djavax.net.ssl.trustStoreType=jceks/
> /bash: -Djavax.net.ssl.trustStore=/opt/midpoint/var/keystore.jceks: No
> such file or directory/
>
> ...but it's says that location does not exist, even it does.
>
>
> We also tried this...
>
>
> /root at MIDPOINTIDM:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security#
> java -Djavax.net.ssl.trustStore=/opt/midpoint/var/keystore.jceks
> -Djavax.net.ssl.trustStoreType=jceks/
> /Usage: java [-options] class [args...]/
> /           (to execute a class)/
> /   or  java [-options] -jar jarfile [args...]/
> /           (to execute a jar file)/
> /where options include:/
> /    -d32          use a 32-bit data model if available/
> /    -d64          use a 64-bit data model if available/
> /    -server       to select the "server" VM/
> /    -zero         to select the "zero" VM/
> /    -dcevm        to select the "dcevm" VM/
> /                  The default VM is server,/
> /                  because you are running on a server-class machine./
> /
> /
> /
> /
> /    -cp <class search path of directories and zip/jar files>/
> /    -classpath <class search path of directories and zip/jar files>/
> /                  A : separated list of directories, JAR archives,/
> /                  and ZIP archives to search for class files./
> /    -D<name>=<value>/
> /                  set a system property/
> /    -verbose:[class|gc|jni]/
> /                  enable verbose output/
> /    -version      print product version and exit/
> /    -version:<value>/
> /                  Warning: this feature is deprecated and will be
> removed/
> /                  in a future release./
> /                  require the specified version to run/
> /    -showversion  print product version and continue/
> /    -jre-restrict-search | -no-jre-restrict-search/
> /                  Warning: this feature is deprecated and will be
> removed/
> /                  in a future release./
> /                  include/exclude user private JREs in the version
> search/
> /    -? -help      print this help message/
> /    -X            print help on non-standard options/
> /    -ea[:<packagename>...|:<classname>]/
> /    -enableassertions[:<packagename>...|:<classname>]/
> /                  enable assertions with specified granularity/
> /    -da[:<packagename>...|:<classname>]/
> /    -disableassertions[:<packagename>...|:<classname>]/
> /                  disable assertions with specified granularity/
> /    -esa | -enablesystemassertions/
> /                  enable system assertions/
> /    -dsa | -disablesystemassertions/
> /                  disable system assertions/
> /    -agentlib:<libname>[=<options>]/
> /                  load native agent library <libname>, e.g.
> -agentlib:hprof/
> /                  see also, -agentlib:jdwp=help and -agentlib:hprof=help/
> /    -agentpath:<pathname>[=<options>]/
> /                  load native agent library by full pathname/
> /    -javaagent:<jarpath>[=<options>]/
> /                  load Java programming language agent, see
> java.lang.instrument/
> /    -splash:<imagepath>/
> /                  show splash screen with specified image/
> /See
> http://www.oracle.com/technetwork/java/javase/documentation/index.html
> for more details./
>
> ... but we only got Java help.
>
>
> We have openjdk-8-jre and openjdk-8-jdk installed on our Ubuntu Server
> 16.04.5 LTS (64-bit). We use MidPoint 3.8.
>
>
> Best Regards,
>
> Jan Parttimaa
>
>
> /Jan Parttimaa/
>
> /1602738,/
>
> /Tietojenkäsittelyn koulutusohjelma,/
>
> /Haaga-Helia ammattikorkeakoulu, Pasilan kampus/
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181114/4a49d4a0/attachment.htm>


More information about the midPoint mailing list