Java Certificate Store

Java uses a certificate store, located in the jre/lib/security directory of your Java installation. If you are using the Directory Synchronization Client with its own Java Runtime, the jre directory is located in the directory where the client is installed.

For secure communications, the server provides a certificate which has been signed by a Certification Authority. The client checks the certificate store for the Certification Authority’s certificate before allowing communication with the server. Because the certificate provided by the cloud service has been signed by a Certification Authority whose certificate is present in the standard Java certificate store, in most cases, no action need be taken to enable secure communications with the cloud service.

Proxy servers typically pass HTTPS traffic unaltered, so no action is required when accessing the cloud service via a proxy. Some proxy servers, however, decrypt and then re-encrypt the data before passing it to the destination. In this case, the proxy server, rather than the cloud service, supplies the certificate used by the Directory Synchronization Client. If the proxy’s certificate is self-signed or signed by a Certification Authority whose certificate is not in the standard cacerts file, the signing certificate will need to be imported.

If you need secure communications with an internal LDAP server, it is common for the certificate provided by the LDAP server to be either self-signed or signed by a Certification Authority whose certificate is not present in the standard cacerts file. In order to allow secure communications with such a server, you must import the signing certificate into the cacerts file as a trustpoint.
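
An added example, not from the original documentation, of the import described above for a decrypting proxy or an internal LDAP server, using the JDK's keytool. The installation path, certificate file name and alias are placeholders, `changeit` is the stock cacerts password, and the `lib/security` fallback for Java layouts without a `jre` directory goes beyond what the page states.

```shell
#!/bin/sh
# Added example: import a signing certificate into the Java cacerts file.
# Assumptions: paths, alias and file names are placeholders; "changeit" is
# the stock cacerts password and may have been changed on your installation.

# Print the path of the cacerts file under a Java installation directory.
# Tries the jre/lib/security layout first, then lib/security (used by
# runtimes that have no separate jre directory).
find_cacerts() {
    for candidate in "$1/jre/lib/security/cacerts" "$1/lib/security/cacerts"; do
        if [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    echo "no cacerts file found under $1" >&2
    return 1
}

# import_ca JAVA_DIR CERT_FILE ALIAS [STOREPASS]
# Adds CERT_FILE as a trustpoint. Every certificate signed by it will then
# be accepted by this Java runtime, so import only the specific signing
# certificate of the proxy or LDAP server.
import_ca() {
    cert_file=$2
    ca_alias=$3
    storepass=${4:-changeit}
    [ -r "$cert_file" ] || { echo "cannot read $cert_file" >&2; return 2; }
    store=$(find_cacerts "$1") || return 1
    # Do not silently replace an entry that already uses this alias.
    if keytool -list -keystore "$store" -storepass "$storepass" \
            -alias "$ca_alias" >/dev/null 2>&1; then
        echo "alias $ca_alias already exists in $store" >&2
        return 3
    fi
    # Keep a copy so the original trust store can be restored.
    cp -p "$store" "$store.bak" || return 4
    # No -noprompt: keytool prints the certificate and asks for confirmation.
    # Compare the displayed fingerprint with one obtained out of band.
    keytool -importcert -trustcacerts -alias "$ca_alias" \
        -file "$cert_file" -keystore "$store" -storepass "$storepass"
}

# Usage (placeholder values):
#   import_ca /opt/dirsync-client proxy-ca.pem corp-proxy-ca
```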