How to add a Trusted Signed Certificate to the keystore file of an Edge Encryption Proxy

Description

Problem

The Trusted Signed Certificate in the keystore file is not picked up by the Edge Encryption Proxy.

Symptoms

Navigating to the Edge Encryption Proxy URL shows a certificate error because the certificate is not trusted (self-signed).

Cause

The Trusted Signed Certificate is not properly generated/added to the Edge Encryption Proxy keystore file.

Solution

Back up the current keystore file [KEYSTORE_FILE.jks].

Convert the private key in it to PEM format with OpenSSL.
In the following code, substitute your information for these variables:

[ALIAS_SRC]: yoursite_company
[ALIAS_DEST]: NEW_ALIAS_NAME
[PATH_TO_FILE]: the folder where the files are located

    keytool -importkeystore -srckeystore [PATH_TO_FILE\KEYSTORE_FILE.jceks] -destkeystore [PATH_TO_FILE\MY_FILE.p12] -srcstoretype JCEKS -deststoretype PKCS12 -deststorepass [PASSWORD_PKCS12] -srcalias [ALIAS_SRC] -destalias [ALIAS_DEST]

Use OpenSSL to extract the actual private key.

    openssl pkcs12 -in [PATH_TO_FILE\MY_FILE.p12] -nocerts -out [PATH_TO_FILE\MY_PRIVATE_KEY.pem]

With OpenSSL, combine the private key and its signed cert.

    openssl pkcs12 -export -out [PATH_TO_FILE\PKEY_AND_SIGNEDCERT.pfx] -inkey [PATH_TO_FILE\MY_PRIVATE_KEY.pem] -in [PATH_TO_FILE\MY_SIGNED_CERT.cer]

If the original keystore contains both the certificate and its corresponding private key (necessary because this is the proxy presented to the clients) and it is in a format other than JKS (for example, PKCS), convert it to JKS to make it easier to import into the keystore.jceks file.

Import into the original keystore (KEYSTORE_FILE.jks) the combined private and signed certificate (PKEY_AND_SIGNEDCERT.pfx).

    keytool -importkeystore -srckeystore [PATH_TO_FILE\PKEY_AND_SIGNEDCERT.pfx] -srcstoretype pkcs12 -destkeystore [PATH_TO_FILE\KEYSTORE_FILE.jceks] -deststoretype JCEKS

Modify the edgeencryption.properties entry edgeencryption.proxy.https.cert.alias to point to [ALIAS_DEST].

Restart the Edge Proxy service.

Note: Do not confuse keystore.jceks with the Java Keystore, which is where the certificates that the proxy trusts are stored. This file, named cacerts with no extension, is usually located in the jre\lib\security folder.
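
A check that can be run after the import and before the restart, as an added example that is not part of the original article: it parses the text printed by keytool -list -v for the keystore and confirms that the alias named in edgeencryption.properties is a PrivateKeyEntry whose first certificate is not self-signed. The sample listing, the function names and every name in the listing are constructed for illustration; aliases are compared in lowercase because JKS and JCEKS keystores store them that way.

```python
import re

# Constructed `keytool -list -v` output (abridged); all names are made up.
SAMPLE_LISTING = """\
Alias name: yoursite_company
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=proxy.example.com
Issuer: CN=proxy.example.com

Alias name: new_alias_name
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=proxy.example.com
Issuer: CN=Example Issuing CA
Certificate[2]:
Owner: CN=Example Issuing CA
Issuer: CN=Example Root CA
"""

def parse_listing(text):
    """Map lowercased alias -> entry type plus Owner/Issuer of its first cert."""
    entries, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        key, _, value = line.partition(":")
        value = value.strip()
        if key == "Alias name":
            cur = entries.setdefault(value.lower(), {})
        elif cur is not None and key in ("Entry type", "Owner", "Issuer"):
            cur.setdefault(key, value)   # first hit is the leaf certificate
    return entries

def check_proxy_cert(listing, properties):
    """Return a list of problems with the alias named in the properties text."""
    m = re.search(r"^\s*edgeencryption\.proxy\.https\.cert\.alias\s*[=:]\s*(\S+)",
                  properties, re.M)
    if not m:
        return ["edgeencryption.proxy.https.cert.alias is not set"]
    entry = parse_listing(listing).get(m.group(1).lower())
    if entry is None:
        return [f"alias {m.group(1)} not found in keystore"]
    problems = []
    if entry.get("Entry type") != "PrivateKeyEntry":
        problems.append("entry has no private key (certificate imported alone)")
    if entry.get("Owner") == entry.get("Issuer"):
        problems.append("leaf certificate is self-signed")
    return problems
```

An empty list means the configured alias holds a private key and a certificate issued by another party; whether clients trust that issuer still has to be confirmed by loading the proxy URL.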