Where should I install the proxy server's certificate?

Hi Bryan,

Thanks for your comment.

The suggestion you provide would install the cert into the cacerts file;

The cert I am installing is not for a certificate authority, but for a server.  There must be a subsidiary certificate store for this, yes?

Hi @Kyle Manel ,

You just need to install the Public certificate of your server in the cacerts file.

It does not matter if it is from an authority or not.

Functionally that is correct, but that is most certainly not best practices.

When I attempt installation of the certificate an error is thrown;
openssl s_client -connect jira.mydomain.com:443 -servername jira.mydomain.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/public.crt
140683954233792:error:0200206F:system library:connect:Connection refused:../crypto/bio/b_sock2.c:110:
140683954233792:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:111:
connect:errno=111

Hi @Kyle Manel ,

Download the certificate in your local machine and manually add it to your cacert in the server.

It is either you don't have sudoer permission or your server is not accessible to the internet.

Apologies, that is what I am trying to do;

s_client -connect "${SERVER_URL}":"${PORT}" | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/public.crt && cd /usr/lib/jvm/java-8-oracle/bin

The above command, when working as expected, pulls the certificate provided from "${SERVER}":"${PORT}" into /tmp/public.crt

Those steps are also quoted from the link you provided, and which I have used in the past.

I have managed to acquire the cert with other steps though, and I will be importing it tomorrow.  I'm guessing there may have been a firewall issue, which is blocking the cert from being pulled from the proxy, and I will be verifying that when time allows, once I have this issue resolved.