The following steps describe how to import a certificate through a distribution's settings.xml
file (<distribution_path> /config/settings.xml
)
data\ssl\certName.cer
If several connect sources are using secure repositories (https), it's necessary to repeat the previous steps for each one, but keeping the same keystore file. So this file will contain all different certificates.
To import multiple certificates (for different connectors) use -alias parameter in step 3
Add the following section into your distribution settings.xml file.
<trustore> <keystorefile><distribution_path>data\ssl\mykeyStore.ks</keystorefile> <password>admin123</password> </trustore>
Save the changes and start the crawling.
Important Note (known limitation):
If you set a wrong path or password, you will receive an SSL exception (the trustAnchors parameter must be non-empty) and the crawl will not start. However, if you change the values to the correct path or password and try again, you will receive the exception again.The problem is that these are global settings – so everything running in your JVM must use that truststore. You can't alter those system properties during runtime and expect the changes to take effect. Once you ask the JVM to make a secure connection, the system property values appear to be cached in the JVM and are used thereafter for the life of the JVM. Therefore, you must restart Aspire for the changes to take effect.