adding additional SSL certs to keystore

Hi,
I’m working on some code that utilizes CFLDAP to make LDAP queries to our AD domain controllers. The server listens on sldap (port 636) so I need to import a certificate into the Java keystore for its use.

I’m wondering how to do that with Runwar / Lucee / CommandBox.

I tried Lucee’s “services - SSL Certificates” admin section. I can type in the domain controller I’m connecting to and port “636” and then click “list”. It returns a certificate so I click “install” and nothing seems to happen. I tried restarting the server in CommandBox after that, and still am not seeing the cert installed or able to make sldap calls to the server.

I remember seeing a Runwar option called “ssl-add-certs” that takes a comma-separated list of certs to add to the keystore but I’m not sure if that would work in CommandBox or not.

Has anyone used “ssl-add-certs” or can give me some pointers on the best way to get this cert into the keystore for cfldap secure queries?

Thanks in advance,

Joel

The easiest solution, if you’re using custom or self-signed certs, is to pass a custom keystore in the server.json file as a JVM arg:

server set jvm.args="-Djavax.net.ssl.keyStore=my/custom/keystore -Djavax.net.ssl.keyStorePassword=myKeyStorePassword"

Then you can be assured your custom certificates are imported and ready to go.

HTH,

Jon
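
One way to build the custom keystore file that the jvm.args line above points at, shown as an added example that is not part of the thread. The function names (split_pem, fp_equal, import_dc_cert) are hypothetical, and the host, expected fingerprint, keystore path and password are supplied by the caller; the certificate is imported only if its SHA-256 fingerprint matches a value confirmed out of band.

```shell
#!/usr/bin/env bash
# Added example. Usage: ./import-dc-cert.sh HOST EXPECTED_SHA256 KEYSTORE STOREPASS

# Split `openssl s_client -showcerts` output (stdin) into DIR/cert-N.pem; prints the count.
split_pem() {
  awk -v dir="$1" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
    inside { print > out }
    /-----END CERTIFICATE-----/ { inside = 0; close(out) }
    END { print n + 0 }'
}

# Compare two fingerprints, ignoring case, colons and a "sha256 Fingerprint=" prefix.
fp_equal() {
  a=$(printf '%s' "$1" | sed 's/.*=//' | tr -d ': ' | tr 'A-F' 'a-f')
  b=$(printf '%s' "$2" | sed 's/.*=//' | tr -d ': ' | tr 'A-F' 'a-f')
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Fetch the certificate the server presents on 636, verify it, then import it.
import_dc_cert() {
  tmp=$(mktemp -d) || return 1
  openssl s_client -connect "$1:636" -showcerts </dev/null 2>/dev/null \
    | split_pem "$tmp" >/dev/null
  if [ ! -f "$tmp/cert-1.pem" ]; then
    echo "no certificate received from $1" >&2; rm -rf "$tmp"; return 1
  fi
  seen=$(openssl x509 -in "$tmp/cert-1.pem" -noout -fingerprint -sha256)
  if fp_equal "$seen" "$2"; then
    keytool -importcert -noprompt -alias "$1" -file "$tmp/cert-1.pem" \
            -keystore "$3" -storepass "$4"
    rc=$?
  else
    # Never trust a certificate just because the server on the wire presented it.
    echo "fingerprint mismatch, not importing: $seen" >&2; rc=1
  fi
  rm -rf "$tmp"; return "$rc"
}

if [ "$#" -eq 4 ]; then import_dc_cert "$@"; fi
```

In standard JSSE the store consulted when validating a server certificate is set by `javax.net.ssl.trustStore`, while `javax.net.ssl.keyStore` holds the client's own keys, so the same file can also be passed to the trustStore properties if the import does not take effect.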

We’re using RapidSSL through you guys. It says it was processed and approved and would be applied. Can you look to see what else needs to be done?

Strike my last comment, and maybe a flogging. Wrong response to the wrong thread.

That was too easy! Thanks Jon! This worked for me.