Set FGLPROFILE entries for the CA list

A client must verify that the server's certificate is trusted. It does so by checking the certificate against a certificate authority list.

In this task you create the certificate authority list using the OpenSSL command line tool, and set the global certificate authority entry in your FGLPROFILE file.

  1. Create the certificate authority list.
    1. Access the URL of the HTTPS server and save its certificates to disk.
      Type the server's URL in your browser. When prompted, save all the certificates from the Certificate Hierarchy. For more information, see Selecting the certificate to add and Missing certificates.
    2. Create the Certificate Authority List by running the following command for each of the certificates that you saved to disk.
      $ openssl x509 -in ServerCertificate.crt -text >> ClientCAList.pem

      The resulting file lists all trusted certificate authorities. A certificate is checked by following the chain from child to parent certificate until a trusted certificate is reached. All other certificates that were trusted by the Root Certificate Authority will also be considered as trusted by the client. For more information, see Certificate authorities.

  2. Set the entry for the global certificate authority list in your FGLPROFILE file.
    The global certificate authority list entry defines the file containing the certificate authority list used by the client's Genero Web Services to validate all certificates coming from the different servers it will connect to.
    security.global.ca = "ClientCAList.pem"
    A relative path is resolved from the current execution directory. If you use Genero Studio, for instance, fglrun may not be executed in the same directory as when you use the command line. The recommended practice therefore is to specify an absolute path for the .pem file, for example:
    security.global.ca = "/opt/usr/certs/ClientCAList.pem"
    If security.global.ca is not defined, Genero Web Services will look to see whether the operating system has a keystore; otherwise, security.global.ca.lookuppath will be used. For further information, see Certificate authorities in HTTPS configuration.

The client application is configured to use the appropriate certificate authority list to validate a server's certificate.
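
A way to check the entry from step 2 before deploying, written as an added example (not Genero tooling or code from this documentation): it reads the security.global.ca entry, resolves it the way a relative path would resolve from a given execution directory, and counts the PEM blocks in the file. The function names, the temporary directories and the placeholder certificate body are assumptions constructed for the demonstration.

```python
import os
import re
import tempfile

# Matches an uncommented FGLPROFILE line: security.global.ca = "path"
ENTRY_RE = re.compile(r'^\s*security\.global\.ca\s*=\s*"([^"]*)"', re.MULTILINE)
# openssl x509 -text writes a readable dump followed by the PEM block; count the blocks.
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)

def check_ca_entry(fglprofile_text, exec_dir):
    """Return (resolved_path, cert_count, findings) for security.global.ca."""
    match = ENTRY_RE.search(fglprofile_text)
    if match is None:
        return None, 0, ["security.global.ca not defined"]
    findings = []
    path = match.group(1)
    if not os.path.isabs(path):
        # The pitfall from step 2: a relative path depends on where fglrun is started.
        findings.append("relative path, resolved against " + exec_dir)
        path = os.path.join(exec_dir, path)
    if not os.path.isfile(path):
        findings.append("CA list not found: " + path)
        return path, 0, findings
    with open(path, encoding="utf-8", errors="replace") as handle:
        count = len(PEM_RE.findall(handle.read()))
    if count == 0:
        findings.append("no PEM certificate block in " + path)
    return path, count, findings

def demo():
    """Run the check on constructed files from two execution directories."""
    # Constructed sample: placeholder body, not a real certificate.
    block = ("Certificate:\n    Data: (text dump)\n"
             "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n")
    with tempfile.TemporaryDirectory() as certs, tempfile.TemporaryDirectory() as other:
        with open(os.path.join(certs, "ClientCAList.pem"), "w") as handle:
            handle.write(block * 2)  # two saved certificates appended with >>
        relative = 'security.global.ca = "ClientCAList.pem"\n'
        absolute = 'security.global.ca = "%s"\n' % os.path.join(certs, "ClientCAList.pem")
        return {
            "relative_same_dir": check_ca_entry(relative, certs),
            "relative_other_dir": check_ca_entry(relative, other),
            "absolute_other_dir": check_ca_entry(absolute, other),
        }

if __name__ == "__main__":
    for name, (path, count, findings) in demo().items():
        print(name, count, findings)
```

The check only confirms that the file is found and contains PEM blocks; it does not validate the certificates themselves.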

What to do next

In your FGLPROFILE file, ensure there are configuration entries (ws.*) for the HTTPS server URL and for the HTTP authentication when accessing the HTTPS server. See Set FGLPROFILE entries for the server URL.