Adding a Certificate Authority to a Truststore (or Keystore)

Note: Any changes to their truststore require BVR, BRM, BAM and/or BSM to be restarted to take effect

BVR, BRM, BAM and BSM come with default truststores which includes a long list of trusted certificate authorities. However, it is likely that you will need to add your own Certificate Authorities to this file in order for BVR to trust other systems - for example, systems on your private network, which would not have their certificates signed by a publicly accessible Certificate Authority.

To add a Certificate Authority to your truststore (or keystore), you will need its public key. This is usually supplied in a plaintext file and if opened should appear as base64 encoded data in between begin and end certificate lines as shown:
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
To import this format of public key into your truststore (or keystore), run the following command:
bvr_keytool -import -alias INSERT_RECOGNISABLE_NAME_HERE -file CA_PUBLIC_KEY_FILE -keystore truststore.jks

Information on Certificate Authorities can be found here https://en.wikipedia.org/wiki/Certificate_authority

For further information on the bvr_keytool command, please refer to the Oracle keytool documentation. https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html

Parent topic: Keystores, Truststores and Certificates