Configuring Wire Encryption
Also available as:
PDF
loading table of contents...

Set Up Trust for the Knox Gateway Clients

How to set up trust for the Knox Gateway clients, when configuring SSL for Knox.

In order for clients to trust the certificates presented to them by the gateway, they will need to be present in the client's truststore as follows.
  1. Export the gateway-identity cert from the $gateway /data/security/keystores/gateway.jks using java keytool or another key management tool.
  2. Add the exported certificate to the cacerts or other client specific truststore or the gateway.jks file can be copied to the clients to be used as the truststore.
    Note
    Note

    If taking this approach be sure to change the password of the copy so that it no longer matches the master secret used to protect server side artifacts.