Specifying a truststore file

If you are using a TLS connection to an Exchange Server with a TLS certificate not issued by a known certificate authority (CA), you must generate a truststore file to store the Certificate Authority (CA) certificate used to verify the Exchange Server. After that you will need to update the truststore property in the ews.props file.

You can generate the truststore file using the Java keytool utility, which is located in the following directory:


To generate the truststore file in JKS file format, use the following steps:
  1. Use the keytool utility to generate the keystore by running the following command:

    keytool -import -alias server_certificate -file certificate_file -keystore truststore_name

    • server_certificate is an alias (any name will do, for example: ews).
    • certificate_file is the Certificate Authority (CA) certificate for the Exchange Server.
    • truststore_name is the name of the output truststore file, for example, truststore_ews.
  2. When prompted, enter a password for the truststore file and make a note of it.
  3. Store the truststore file in a directory on the machine where the probe is located. For example:


After generating the truststore file, specify the following properties in the ews.props file:
  • TrustStoreFile - Use this property to specify the location of the keystore file created in the steps above.
  • TrustStorePassword - Use this property to specify the keystore password.