Re: Making your landscape trust a certain certificate authority
A couple options...toggle quoted message Show quoted text
1.) If you only need the cert for one or a couple apps and / or you don't
want to manage a fork, you can package the CA cert with the application.
Then add a `.profile.d` script  that sets up the certificate that you
packaged with the app. I don't have an example off-hand, but the
.profile.d script could call keytool and import your ca cert or just move a
keystore containing your ca cert from the app files and overwrite the JVM
2.) Write your application so that it can utilize it's own truststore.
It's a little more work, but most things that use a truststore in the JVM
allow you to customize the behavior specifying your own truststore. If the
app were to do this, it could then expose a configuration option through
which it's users could set their own truststore. Then users wouldn't need
to depend on what certs are installed by default.
 - https://devcenter.heroku.com/articles/profiled (CF honors them too)
On Tue, Sep 29, 2015 at 4:50 PM, Mathias Essenpreis <esse(a)gmx.de> wrote: