Setting Up Trust for the Knox Gateway Clients
In order for clients to trust the certificates presented to them by the gateway, they will need to be present in the client's truststore as follows:
Export the gateway-identity cert from the $gateway /data/security/keystores/gateway.jks using java keytool or another key management tool.
Add the exported certificate to the cacerts or other client specific truststore or the
gateway.jks
file can be copied to the clients to be used as the truststore.Note If taking this approach be sure to change the password of the copy so that it no longer matches the master secret used to protect server side artifacts.