Truststore certificates

This topic explains how to trust certificates so that Unravel can connect successfully to services over HTTPS. Ideally, use the truststore only to trust root certificates. The service you connect to should provide the server certificate and its trust chain. For Unravel services, this can be done by following the instructions here.

If a service replies with only its server certificate and you do not know the rest of the chain, the connection fails. In this case, you can add one or more certificates to the truststore so that the chain can be verified.

Assumptions

  • You have the following handy:

    • One or more certificate files containing the missing links to validate the chain.

    • Missing certificates to form the chain.

  • Unravel is installed in /opt.

Add and set the certificates in Unravel truststore

To add and set the certificates in Unravel truststore, do the following:

  1. Ensure that you have the following handy on the server:

    • Certificate files containing the missing links to validate the chain.

    • Missing certificates to form the chain.

  2. Stop Unravel.

    /opt/unravel/manager stop
    
  3. Add the certificate files.

    /opt/unravel/manager config tls trust add <one or more certificate files>
    

    Note

    The command accepts the following file formats and relies on the extension to identify the format:

    • PEM (.pem)

    • JKS (.jks)

    • PKCS12 (.pkcs12, .p12, .pfx)

    If you are using a different file extension, you must specify the file as follows:

    • --pem <filename>

    • --jks <filename>

    • --pkcs12 <filename>

  4. Enable the truststore and apply changes.

    /opt/unravel/manager config tls trust enable
    /opt/unravel/manager config apply
    
  5. Verify the configuration.

    /opt/unravel/manager verify connect <ADDRESS> <PORT>
    
  6. Start Unravel.

    /opt/unravel/manager start
    
Example:

    /opt/unravel/manager stop
    /opt/unravel/manager config tls trust add /path/to/trusted.pem
    /opt/unravel/manager config tls trust enable
    /opt/unravel/manager config apply
    /opt/unravel/manager verify connect my-server.domain 1234
    /opt/unravel/manager start
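
Before running `config tls trust add`, it helps to confirm what a PEM file actually contains. The following is an added example, not part of Unravel's documentation or tooling: it reports whether a certificate is a root, intermediate or leaf, prints its SHA-256 fingerprint for comparison with the value published by the CA owner, and checks that a server certificate validates against it. It assumes the `openssl` CLI is installed; the function names are hypothetical and the certificates it generates are constructed throwaway data.

```shell
#!/bin/sh
# Added example: pre-flight checks for a file that will be passed to
# "/opt/unravel/manager config tls trust add". Function names are hypothetical.

# Print "root", "intermediate" or "leaf" for the first certificate in a PEM file.
classify_cert() {
    pem="$1"
    # CA:TRUE in basicConstraints marks a certificate that may sign others.
    if ! openssl x509 -in "$pem" -noout -text | grep -q 'CA:TRUE'; then
        echo leaf
        return
    fi
    # A root is self-issued: its subject and issuer names are identical.
    subj=$(openssl x509 -in "$pem" -noout -subject_hash)
    issr=$(openssl x509 -in "$pem" -noout -issuer_hash)
    if [ "$subj" = "$issr" ]; then echo root; else echo intermediate; fi
}

# Print the SHA-256 fingerprint (colon-separated hex) of a PEM certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Return 0 if the server certificate ($2) validates against the trust file ($1).
chain_validates() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed sample data: a throwaway root CA and a server certificate it signs.
make_constructed_certs() {
    d="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=my-server.domain" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}
```

A file that classifies as `leaf` pins a single server certificate rather than a CA, which is the case the page advises against where a root certificate is available.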

Also, refer to Enabling Transport Layer Security (TLS) for Unravel UI.

Disable truststore for Unravel

  1. Stop Unravel.

    /opt/unravel/manager stop
    
  2. Disable the truststore and apply changes.

    /opt/unravel/manager config tls trust disable
    /opt/unravel/manager config apply
    
  3. Start Unravel.

    /opt/unravel/manager start
    
Example:

    /opt/unravel/manager stop
    /opt/unravel/manager config tls trust disable
    /opt/unravel/manager config apply
    /opt/unravel/manager start
