Why does Payara set -Djavax.net.ssl.trustStore?

[Dan Fraser]

I find it confusing that Payara trusts a different set of certificates from the stock JDK. 

I'm curious -- why does it do this?

Thanks,

Dan

[Steve Millidge]

This is so you can change the contents of the truststore when creating a domain. Many operating system configurations with java installed won't allow an end user to update the jvm installed truststore and Payara needs to add certs as it uses 2 way ssl between the das and standalone instances.

[Dan Fraser]

So copying the JVM's truststore files into the payara distribution isn't a problem, as long as we're not using a separate DAS.  Makes sense.

I imagine it must also modify the truststore for enable-secure-admin.  Thanks for your response!