For Real-Time API's connecting to an encrypted ADS/RTC, when is it necessary to create a custom K...

ron.bove01

...eystore File?

For Real-Time API's connecting to an encrypted ADS/RTC, when is it necessary to create a custom Keystore File? Assuming the ADS/RTC is using a COMODO root certificate, it seems that the default Keystore that is used by the Application should work fine. So under what circumstances is a custom local Keystore file required and when is it not required? Why?

Gurpreet

Hi @ron.bove01,

The certificate is needed when the underlying programming language does not have a root certificate in its store - and does not use the certificates from the OS. This happens typically with Java, Python etc. COMODO CA certificates are now included with all the recent versions of JDK, and if your ADS is signed by it - should automatically work with it, and won't need a keystore file.

For more information on encryption etc, please see this and this article.

ron.bove01

Thanks for the quick response, Gurpreet. Would you happen to know which versions of the Java JDK include COMODO Certificates?

Gurpreet

https://community.developers.refinitiv.com/discussion/comment/122736#Comment_122736

Hi @ron.bove01,

COMODO CA certificates were added to the default keystore in Java 8u51.

https://www.oracle.com/java/technologies/javase/8u51-relnotes.html

gary.wakefield

Hi @Gurpreet

Do you happen to know from which specific versions of JDK that it included COMODO CA Certs? It would be very useful to know which versions need a local Keystore and which do not.

We have a number of customer JAVA RFA8.x applications that need to migrate to using encrypted connections and it's much better from a support and maintenance perspective if they can avoid needing a local Keystore.

Thanks