No trusted certificate found

You don't need to use both the XTrustProvider and installCert utility. The XTrustProvider provides a real-time injection into the certificate validation process while installCert will take the server certificate and physically install it into your local trust store.

 

 

So, here's the flow (simplistic version):

 

 

1) client requests connection with BIG-IP

 

2) BIG-IP sends back it's server certificate

 

3) Client library checks the issuer, date, etc from the certificate to make sure it's valid and allowed.

 

3.a) For signing authorities that are not trusted, the client library will look into the local truststore to see if that certificate is present. If so, a connection is allowed. This is what installCert.java will do for you.

 

3.b) If the certificate isn't found in the local truststore, call the lower JSSE libraries validation routines. It is here that XTrustProvider injects itself into the processing and tells the JSSE layer to trust the certificate.

 

 

As you can see, you only need one of the tho options. Using the XTrustProvider is the preferred method as it requires no clientside configuration or setup. If, for some reason, you aren't able to get that working, the client side trust store option is always there.

 

 

-Joe