Skip to main content


Truststore certificates

This page provides you with instructions to import certificates into the Unravel trust store for certificate chain validation. This includes Certificate Authority (CA) certificates as well.

The following certificate formats are supported:

  • PEM (.pem)

  • JKS (.jks)

  • PKCS12 (pkcs12, .p12, .pfx)

Multiple certificates can be passed through trust add command, and it can also be called multiple times. All the calls will add the certificates to the trust store. By default, the store is located at data/certificates/trusted_certs.pem and trusted_certs.pkcs12.

To add and set the certificates in Unravel trust store, do the following:

  1. Download the certificates to a directory. For example: wget

  2. Provide permissions to the user, who installs unravel, to access the certificates folder.

    chown -R username:groupname /path/to/certificates/directory
  3. Upload the certificates.

    ## Option 1
    <unravel_installation_directory>/unravel/manager config tls trust add </path/to/the/certificate/files
    ## Option 2
    <unravel_installation_directory>/unravel/manager config tls trust add --pem </path/to/the/certificate/files>
    <unravel_installation_directory>/unravel/manager config tls trust add --jks </path/to/the/certificate/files>
    <unravel_installation_directory>/unravel/manager config tls trust add --pkcs12 </path/to/the/certificate/files>
  4. Enable the Truststore

    <unravel_installation_directory>/unravel/manager config tls trust <enable|disable>
    <unravel_installation_directory>/unravel/manager config apply
  5. Verify the connection.

    <unravel_installation_directory>/unravel/manager verify connect <Cluster Manager-host> <Cluster Manager-port>
    For example: /opt/unravel/manager verify connect 7180
    -- Running: verify connect 7180
     - Resolved IP:
     - Reverse lookup: ('', [], [''])
     - Connection:   OK
     - TLS:      No
    -- OK

Also, refer to Enabling Transport Layer Security (TLS) for Unravel UI.