If you configured your XL Deploy server to use a self-signed certificate and then added the server to XL Release, you will notice that testing the connection fails with the error The XL Deploy server is not available.

To instruct XL Release to trust the XL Deploy server’s certificate, you need to configure a truststore for XL Release. Usually, you do not want to modify the JRE’s global truststore for this purpose.

  1. In XL_DEPLOY_SERVER_HOME/conf, generate a certificate from the XL Deploy keystore file: openssl s_client -showcerts -connect XLDeployServer:port > xldcertificatename.cer
  2. Copy or import the certificate from XL_DEPLOY_SERVER_HOME/conf into XL_RELEASE_SERVER_HOME/conf.
  3. Import all certificates from the JRE global truststore: keytool -importkeystore -srckeystore /etc/ssl/certs/java/cacerts -srcstoretype JKS \ -destkeystore keystore.jks -deststoretype JKS \ -srcstorepass changeit -deststorepass changeit

    Note: changeit is the default password for Java system trustStore.

    Important: If you do not import all certificates from the JRE global truststore, you may lose HTTPS connectivity other applications.

  4. Create a truststore for XL Release. a. To create an empty truststore, use the following command: keytool -importcert -file xldcertificatename.cer -keystore XLReleaseTrustStore.jks -alias xld. b. Alternately, you can copy the Java truststore and add an additional certificate to it: cp $JAVA_HOME/lib/security/cacerts $XL_RELEASE_HOME/conf/XLReleaseTrustStore.jks keytool -importcert -file xldcertificatename.cer -keystore XLReleaseTrustStore.jks -alias xld
  5. Configure XL Release to use the truststore by adding the following lines in XL_RELEASE_SERVER_HOME/conf/xlr-wrapper-linux.conf (for Unix) or XL_RELEASE_SERVER_HOME/conf/xlr-wrapper-win.conf (for Microsoft Windows):

    wrapper.java.additional.X=-Djavax.net.ssl.trustStore=conf/XLReleaseTruststore.jks wrapper.java.additional.X+1=-Djavax.net.ssl.trustStorePassword=password

    Where X is the next number in the wrapper.java.additional list.

    Note: For XL Release 7.x and later, disable the verification of SSL for XL Deploy servers under XL_RELEASE_SERVER_HOME/conf/deployit-defaults.properties by adding the following line: xldeploy.XLDeployServer.verifySSL=false

  6. Start XL Release and add the XL Deploy server.