Configure Truststore in Tomcat
I think I may have found how, or at least one way of doing this. Someone please tell me if there is a better way of processing this. In the Tomcat\bin folder, where the catalina.bat file is I created a setenv.bat file and in there I declared the two Java option properties for;
set JAVA_OPTS="-Djavax.net.ssl.trustStore=C:\path\to\keystore.key" "-Djavax.net.ssl.trustStorePassword=************"
Apparently when Tomcat is started it initiates the catalina.bat file and the catalina.bat file determines if a setenv.bat file exists and if so runs this file to set the Java options.
Again someone please correct me if I am wrong and advise of any better way of doing this. Although apparently where Tomcat is set up as a Windows service the options above are input through the tomcatXw.exe to initiate the Tomcat console and the Java tab is selected.
Incase anybody else is having this question, here is what I did:
1. Navigate to \tomcatDirectory\bin\
2. Edit the catalina.sh/bat depending on you machine.
3. Add these properties to the JAVA_OPTS property
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=$CATALINA_HOME/certificates/truststore.ks -Djavax.net.ssl.trustStorePassword=truststorePassword -server"
This will essentially tell tomcat to use the specified truststore instead of the default cacerts truststore which tomcat loads if it does not find any truststore specified in the system properties.
Also, I have noticed that it is possible to define the truststore in tomcat's main configuration file server.xml. All you have to do is set these properties in the connector property.
<Connector port="8443" maxThreads="500"
server="Apache"
scheme="https" secure="true" SSLEnabled="true" acceptCount="500"
keystoreFile="/apps/content/certificates/keystore.ks" keystorePass="keystorepass"
truststoreFile="/apps/content/certificates/truststore.ks" truststorePass="truststorePassword"/>
Try it out, Hope it helps!