+ // Truststore
+ Path trustStorePath = Paths.get(getDeployProperty(CmsDeployProperty.SSL_TRUSTSTORE));
+ char[] trustStorePassword = getDeployProperty(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD).toCharArray();
+
+ // IPA CA
+ Path ipaCaCertPath = Paths.get(PkiUtils.IPA_PEM_CA_CERT_PATH);
+ if (Files.exists(ipaCaCertPath)) {
+ KeyStore trustStore = PkiUtils.getKeyStore(trustStorePath, trustStorePassword,
+ getDeployProperty(CmsDeployProperty.SSL_TRUSTSTORETYPE));
+ try (Reader cert = Files.newBufferedReader(ipaCaCertPath, StandardCharsets.US_ASCII);) {
+ PkiUtils.loadTrustedCertificatePem(trustStore, trustStorePassword, cert);
+ Files.createDirectories(keyStorePath.getParent());
+ PkiUtils.saveKeyStore(trustStorePath, trustStorePassword, trustStore);
+ if (log.isDebugEnabled())
+ log.debug("IPA CA certificate stored in " + trustStorePath);
+ } catch (IOException e) {
+ log.error("Cannot trust CA certificate", e);
+ }
+ }
+