Disabling default certificate authorities
Starting in Maximo® Application Suite 8.11, you can disable default
certificates. Maximo Application Suite provides a built-in set of
certificate authority (CA) certificates and by default automatically trusts a certificate if that
certificate is issued by one of these CAs. To disable the default CAs that are provided, you can
update the custom resource (CR) file for Maximo Application Suite.
If you
disable the default trust then you need to specifically configure certificates and CAs for all
external systems that Maximo Application Suite connects to.
About this task
The trustDefaultCAs variable in the custom resource (CR) is set to True to trust certificates that are issued by one of the default certificate authorities. If the trustDefaultCAs variable is not included in the CR, the use of the default certificate authorities is assumed as True.
To disable and prevent Maximo Application Suite from automatically trusting these default certificate authorities, you must set the trustDefaultCAs variable in the CR is set to False.
Procedure
What to do next
You will have to provide the required CA certificates when configuring all TLS connections from Maximo Application Suite to external services.