Answering my own question: if I import the CA into the domain cacerts.jks file:
keytool -import -alias ourCA -file ourcacert.pem \
  -keystore $ASADMINROOT/domains/mydomain/config/cacerts.jks
it is propagated to each server instance when it starts.
On Mon, Dec 8, 2008 at 1:28 PM, Dick Davies <rasputnik_at_hellooperator.net> wrote:
> I had to restore-domain a few days back and it seems
> this had the side effect of resetting the cacert.jks stores on my
> server instances.
> We use an internal CA on our LDAP server, so this broke authentication
> for a little while.
>
> Is that expected behaviour (it makes sense to me)?
> And where is the 'right' place to add a custom CA? Is there a 'master
> keystore' somewhere
> in the domain config I can add this kind of entry that will be
> propagated to the server instances?
>