Trusting Additional TLS/SSL Certificates

You can configure additional trusted TLS/SSL certificates for 1Integrate network requests without manually modifying the JRE trust store or system.properties.

Configuration

1Integrate provides a dedicated trust directory for additional TLS/SSL certificates. The application trusts any certificates in this directory for all outbound TLS/SSL connections. The trust directory is located in: <1Integrate installation directory>/TRUST.

File formats

Certificates can be in either the PEM or PKCS12 format. For the PKCS12 format, the files must have .p12, .pfx, or .pkcs12 extensions and not be password protected. The additional certificates are trusted in addition to, not instead of, the default system trusted certificates. Note: You must provide the entire certificate chain if using a custom Certificate Authority.

Adding Certificates

To add trusted certificates:

  1. Place the files into the TRUST directory: <1Integrate installation directory>/TRUST.

  2. Restart the 1Integrate interface to apply the changes.

     Note: This does not modify the system-wide or JVM-level trust store. It only affects TLS/SSL connections made by the 1Integrate application.

     Note: This applies to standard WildFly deployment or Deployment as a Service.

Kubernetes Deployments

Kubernetes-based deployments can mount or manage additional TLS/SSL certificates. See the official 1Integrate Helm charts for more information.