When a user logs in to PRIME with a certificate, the PRIME server does a validation of the corresponding certificate revocation lists (CRLs). To check the certificate chain of the CRL Signing CA, there is a separate truststore configured on the PRIME server.
To configure the path to the truststore
- On the PRIME server, open the file system.properties.
Modify the path to the truststore, if needed:
jksKeyStoreProvider.keyStorePath = "file:C:/primeCerts/crlCaChain-truststore.jks"
jksKeyStoreProvider.keyStorePassword = "123456"
For more information on how to configure a truststore file with the java keytool, see Configure https for Tomcat.