All server certificates are signed by a public CA (Let’s Encrypt). The root CA certificate should be in the trust store for your system, either as part of the operating system (example: Ubuntu or CentOS), the Java Virtual Machine, or the browser. So, when connecting clients, they should be able to validate the server certificate.
For some clients, you need to specify the path to the trust store. The path to the default trust store (CA bundle) varies by the operating system. For example:
- /etc/ssl/certs/ca-bundle.crt (RHEL/CentOS)
- /etc/ssl/certs/ca-certificates.crt (Debian/Ubuntu)
On OSX run this command to export the default certificates to a file:
security find-certificate -a -p /System/Library/Keychains/SystemCACertificates.keychain > ca-certificates.crt
If your client environment does not have the root CA certificate, you can retrieve it from the Credentials menu.
To view the CA certificate, click on the “Click to show CA certificate” box.
To copy the CA certificate to the clipboard, click on the copy button in the top right corner.