tomcat truststore

Truststore Initialization - Tomcat


I've realized there are a lot of different methods of setting up a truststore for Tomcat. The three methods I've discovered are:

Which method takes the highest precedence? (Which will override the other two if all three methods are used simultaneously?) From my understanding, setting the property is the default method, and if that's not done, then it loads the truststore path via server.xml. Is this correct?

I've been in a weird situation where I've been forced to work on a server that I don't manage, and I think they have a global reference to a truststore (that I don't want to use) somewhere, but I can't think of any other place where a truststore path will be defined. I used grep on the server to try and find instances of the word trust or truststore, and nothing of interest was returned. Are there any other places on Unix where a trust store path or information could be initialized?

Any help is greatly appreciated. Thanks!


Solution

  • According to the reference, truststoreFile will override what you have in catalina.sh, startup.sh, the command line, or however you start it. The default is the value of the javax.net.ssl.trustStore system property, which those methods set before starting Tomcat.

    Setting the property in code won't have any effect because by the time the code runs the Connector will have already been initialized.
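To audit which truststore each SSL connector ends up with under the precedence described in the answer, the sketch below (an added example, not part of the original question or answer) resolves it from a server.xml and a JVM option string. The function names, sample server.xml, paths and option string are constructed for illustration; it also checks the `truststoreFile` attribute on nested `SSLHostConfig` elements used by newer Tomcat versions, which goes beyond the case the answer covers.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from the original post).
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/keystore.jks"
               truststoreFile="conf/app-trust.jks"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/keystore.jks"/>
    <Connector port="8080" protocol="HTTP/1.1"/>
  </Service>
</Server>"""
# What JAVA_OPTS / CATALINA_OPTS might expand to in catalina.sh or setenv.sh.
SAMPLE_JVM_OPTS = "-Xmx512m -Djavax.net.ssl.trustStore=/opt/shared/global-trust.jks"

PROP = re.compile(r"-Djavax\.net\.ssl\.trustStore=(\S+)")

def system_property_truststore(jvm_opts):
    """Return the javax.net.ssl.trustStore value from a JVM option string, or None.
    Assumption: if the option is repeated, the last occurrence is the one in effect."""
    hits = PROP.findall(jvm_opts)
    return hits[-1].strip("\"'") if hits else None

def explicit_truststore(connector):
    """truststoreFile set on the Connector itself or on a nested SSLHostConfig."""
    if connector.get("truststoreFile"):
        return connector.get("truststoreFile")
    for host in connector.iter("SSLHostConfig"):
        if host.get("truststoreFile"):
            return host.get("truststoreFile")
    return None

def effective_truststores(server_xml, jvm_opts):
    """Map each SSL connector port to (truststore path, where the value came from)."""
    fallback = system_property_truststore(jvm_opts)
    result = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connectors have no truststore
        explicit = explicit_truststore(conn)
        if explicit:  # server.xml overrides the system property
            result[conn.get("port")] = (explicit, "server.xml truststoreFile")
        elif fallback:
            result[conn.get("port")] = (fallback, "javax.net.ssl.trustStore")
        else:
            result[conn.get("port")] = (None, "none configured")
    return result

if __name__ == "__main__":
    for port, (path, source) in effective_truststores(SAMPLE_SERVER_XML, SAMPLE_JVM_OPTS).items():
        print(f"connector {port}: {path} ({source})")
```

On a real host, feed it the contents of `conf/server.xml` and the JVM arguments of the running Tomcat process rather than the samples.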