Hello Sonatype Community,
I am looking for clarification please on the following regarding Outbound SSL Cert Stores.
I already read the Sonatype documentation (link below).
#3, #4 are my questions. I assume I am correct. Just want to check.
For documentation purposes on my side.
Thanks in advance.
I read the following online Sonatype support documentation for Outbound SSL certificates.
I am using NEXUS OSS 2.14.18.
Because I use OSS I must modify the default JVM TRUSTSTORE file (cacerts) to add my special CA ROOT certs. Then I must edit Nexus properties (wrapper file) to link-in that modified TRUSTSTORE file.
This means there are THREE (3) certificate STORES that NEXUS OSS uses.
CERT STORE 1
The Nexus OSS INTERNAL PRIVATE TRUSTSTORE which cannot be configured since this is OSS version. But it still exists (assuming it must?)
CERT STORE 2
The default Java JVM TRUSTSTORE (cacerts) that is part of JRE that runs the Nexus OSS manager.
CERT STORE 3
My Modified Java JVM TRUSTSTORE (cacert2) that exists in my separate directory, where I modified it, to contain more specialized ROOT CERTS (e.g. from NYS ITS).
Following above, this means ALL THREE (3) STORES will be merged by NEXUS OSS when checking for certificate-trust, when evaluating remote proxy site SSL certificates.