How to Determine Which Outbound Connection TLS Truststore is Used by IQ Server

To identify which outbound TLS connection truststore is being used by a running IQ Server:

1. Signin to IQ Server UI as an admin user and then change the open browser window location URL path to download a support zip: /rest/support
   Alternately: Use the REST API to download a support zip
2. Save the support zip to disk and open it.
3. Inside the support zip, open the ./info/sysinfo.json file.
   Look for these java system properties:

   javax.net.ssl.trustStore
   javax.net.ssl.trustStorePassword

4. If the properties are present, the truststore being used is at the path specified by the value of the javax.net.ssl.trustStore property.
5. If the properties are not present, then inside./info/sysinfo.json look for the line that contains

   java.home

   The value of this property should contain a path to the Java runtime home being used by IQ server.
6. From the java.home path, you can deduce which of these currently apply to IQ server:
   1. if java-home/lib/security/jssecacerts is a valid file, trusted certificates for outbound connections IQ Server makes are loaded from here. This file does not exist by default but can be created by a user using keytool.
   2. java-home/lib/security/cacerts exists by default. It is pre-loaded with well known public certificate authority root certificates that allow a client program to trust sites which have certificates signed by them. If for some reason it is missing, there will be no trusted certificates loaded for IQ Server.

See our guide for instructions on How to Configure a Custom Truststore for IQ Server.