To identify which outbound TLS connection truststore is being used by a running IQ Server:
- Sign in to IQ Server UI as an admin user and then change the open browser window location URL path to download a support zip: /rest/support
Alternatively: Use the REST API to download a support zip - Save the support zip to disk and open it.
- Inside the support zip, open the ./info/sysinfo.json file.
Look for these Java system properties:javax.net.ssl.trustStore javax.net.ssl.trustStorePassword
- If the properties are present, the truststore being used is at the path specified by the value of the
javax.net.ssl.trustStore
property. - If the properties are not present, then inside./info/sysinfo.json look for the line that contains
java.home
The value of this property should contain a path to the Java runtime home being used by IQ Server. - From the java.home path, you can deduce which of these currently apply to IQ Server:
- if
java-home/lib/security/jssecacerts
is a valid file, trusted certificates for outbound connections IQ Server makes are loaded from here. This file does not exist by default but can be created by a user using keytool. -
java-home/lib/security/cacerts
exists by default. It is pre-loaded with well-known public certificate authority root certificates that allow a client program to trust sites that have certificates signed by them. If for some reason it is missing, there will be no trusted certificates loaded for IQ Server.
- if
See our guide for instructions on How to Configure a Custom Truststore for IQ Server.