Using Custom Truststore and Keystore in RTF Applications

Applications are running in containers within RTF.  The apps do not have access to files on the host. Therefore, they can't use truststore or keystore files placed in a directory on the host. The solution is to package the truststore file (usually .jks format) with the application into the same jar file and deploy it in RTF. 

ADDITIONAL INFORMATION

1. Runtime application is not integrated with Secrets Manager so can't import keystore or truststore from Secrets Manager for applications 
2. API Manager is integrated with Secrets Manager so an API Proxy is able to use keystore or truststore in Secrets Manager, referring to the document Build HTTPS API Proxies
3. Configure TLS with Keystores and Truststores
4. Another approach is to override the default Java truststore using the properties below.

           * javax.net.ssl.trustStore=/path/to/your/custom-cacerts 
           * javax.net.ssl.trustStorePassword=yourpassword

NOTE: You must ensure that the custom truststore file is included in the application JAR.

If mTLS is required when using a self-signed certificate, you can configure the keystore in the same way as the truststore by setting javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword