When a client connects to a server that has a certificate, the server sends back its
certificate. The client must check whether that certificate is trusted, which it does using a
certificate authority list.
- Create the client's certificate authority list.
  - Save the certificate of the HTTPS server to disk.
    Type the server's URL in your Internet browser. When prompted, save the certificate to
    disk.
  - Create the client's certificate authority list from the certificate that you saved to
    disk.
    $ openssl x509 -in ServerCertificate.crt -text >> ClientCAList.pem
    Note: All trusted certificate authorities are listed in this file. Any other certificate
    trusted by the Root Certificate Authority is also considered trusted by the client.
- Set the global certificate authority list in fglprofile.
  The global certificate authority list entry defines the file containing the certificate
  authority list that the Genero Web Services client uses to validate all certificates coming
  from the different servers it connects to.
  security.global.ca = "ClientCAList.pem"
  If security.global.ca is not defined, Genero Web Services checks whether the operating
  system has a keystore; otherwise, security.global.ca.lookuppath is used.
The client application is configured to use the appropriate certificate authority list to
validate a server's certificate.
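
The certificate saved from the browser becomes a trust anchor as soon as it is appended to ClientCAList.pem, so it is worth confirming its fingerprint before that step. The shell functions below are an added example, not part of the Genero documentation: they compare the SHA-256 fingerprint of the saved certificate with a value obtained out of band from the server administrator (an assumption), append it with the same openssl command as above, and list the subjects the client will then trust. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: gate the "append to ClientCAList.pem" step on a fingerprint check.
# Function names and the out-of-band fingerprint argument are assumptions.

# Normalise a fingerprint: drop colons/spaces, upper-case the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F'
}

# Print the SHA-256 fingerprint of a PEM certificate (empty if unreadable).
cert_fpr() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# add_trusted_cert CERT EXPECTED_FPR CALIST
# Returns 0 on success, 1 on fingerprint mismatch, 2 if CERT cannot be parsed.
add_trusted_cert() {
    cert=$1; expected=$2; calist=$3
    actual=$(cert_fpr "$cert")
    if [ -z "$actual" ]; then
        echo "error: $cert is not a readable X.509 certificate" >&2
        return 2
    fi
    if [ "$(norm_fpr "$actual")" != "$(norm_fpr "$expected")" ]; then
        echo "error: fingerprint mismatch, $cert not added" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    # Same command as in the procedure above: text dump plus PEM block.
    openssl x509 -in "$cert" -text >> "$calist"
}

# List the subject of every certificate the client will trust from CALIST.
ca_list_subjects() {
    openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
        openssl pkcs7 -print_certs -noout 2>/dev/null | grep '^subject='
}

# Usage: sh add_ca.sh ServerCertificate.crt <fingerprint> ClientCAList.pem
if [ "$#" -eq 3 ]; then
    add_trusted_cert "$1" "$2" "$3" && ca_list_subjects "$3"
fi
```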