Hello Sonatype Community,
Good afternoon.
I am looking for clarification please on the following regarding Outbound SSL Cert Stores.
I already read the Sonatype documentation (link below).
#3 and #4 are my questions. I assume I am correct. Just want to check.
For documentation purposes on my side.
Thanks in advance.
Thanks,
John Dove
John.Dove@its.ny.gov
[1]
I read the following online Sonatype support documentation for Outbound SSL certificates.
https://help.sonatype.com/repomanager2/secure-socket-layer-ssl/managing-outbound-ssl-certificates
Makes sense.
[2]
I am using NEXUS OSS 2.14.18.
Because I use OSS I must modify the default JVM TRUSTSTORE file (cacerts) to add my special CA ROOT certs. Then I must edit Nexus properties (wrapper file) to link-in that modified TRUSTSTORE file.
Makes sense.
[3]
QUESTION PLEASE
This means there are THREE (3) certificate STORES that NEXUS OSS uses.
As follows.
Correct?
CERT STORE 1
The Nexus OSS INTERNAL PRIVATE TRUSTSTORE which cannot be configured since this is OSS version. But it still exists (assuming it must?)
CERT STORE 2
The default Java JVM TRUSTSTORE (cacerts) that is part of JRE that runs the Nexus OSS manager.
CERT STORE 3
My Modified Java JVM TRUSTSTORE (cacert2) that exists in my separate directory, where I modified it, to contain more specialized ROOT CERTS (e.g. from NYS ITS).
[4]
QUESTION PLEASE
Following above, this means ALL THREE (3) STORES will be merged by NEXUS OSS when checking for certificate-trust, when evaluating remote proxy site SSL certificates.
Correct?
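
One way to check which root certificates the JVM itself ends up trusting is to list them from the default trust manager. This is an added example, not part of the original post and not Sonatype code. The class name `EffectiveTrustAnchors` and the optional subject filter are assumptions for illustration. It covers only the JVM-level trust store selected by the standard `javax.net.ssl.trustStore` system property, not any store Nexus manages internally.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example: lists the CA certificates accepted by the JVM's default trust manager.
// Run it with the same JRE that runs Nexus, once with no options and once with
//   -Djavax.net.ssl.trustStore=<path to modified store>
//   -Djavax.net.ssl.trustStorePassword=<store password>
// then compare the two listings. An optional argument filters by subject text.
public class EffectiveTrustAnchors {

    // SHA-256 fingerprint of the certificate, as upper-case hex.
    static String sha256(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String filter = args.length > 0 ? args[0].toLowerCase() : "";
        System.out.println("javax.net.ssl.trustStore = "
                + System.getProperty("javax.net.ssl.trustStore", "(not set, JVM default)"));

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null: let the JVM resolve its default trust store

        int shown = 0;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) {
                continue;
            }
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                String subject = ca.getSubjectX500Principal().getName();
                if (subject.toLowerCase().contains(filter)) {
                    System.out.println(sha256(ca) + "  " + subject);
                    shown++;
                }
            }
        }
        System.out.println(shown + " trusted CA certificate(s) listed");
    }
}
```

Comparing the fingerprints from both runs shows whether a given root is present only in the modified store, only in the default `cacerts`, or in both.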