No announcement yet.

Automatically Update SSL Manager Certificates

  • Filter
  • Time
  • Show
Clear All
new posts

  • Automatically Update SSL Manager Certificates

    Mirth 3.6.1
    Running Mirth on Azure Server

    We have a channel using the SSL Manager plugin that uses a certificate that expires every three months.

    I would like to automate the process of importing the new certificate. The plan was to execute a powershell script to download the new certificate, which I am able to do. The next step was to import the certificate into Mirth's trust store, under the same alias that was used when it was originally imported under 'My Certificates' in the SSL Manager.

    I was able to access the (ProgramFiles)\Mirth Connect\appdata\keystore.jks and the Java trust store (cacerts) using the Java Keystore class. However, the certificate that was imported under 'My Certificates' in the SSL Manager was not in either of those locations.

    I know that I could probably use the CLI to log into the Mirth server (from itself) and import a certificate, but that does not seem like the most elegant of solutions.

    Where are the SSL Manager trusted certificates located? If there is another keystore or truststore that I can connect to using the Java Keystore class, that would allow me to import the certificate.

    Is there an easier way to automatically update certificates that expire regularly?

  • #2

    Did you ever resolve this, I am trying to find where imports into "My Certificates" are stored.

    Are they stored on the local filesystem in a file or stored in the Oracle DB for example?




    • #3
      When you import a certificate into "My Certificates" it is stored in a keystore in the Connect database. If you perform the query "select * from configuration where category='SSL Manager'", you'll see that there is a keystore and a truststore, stored as base64 strings.

      Regarding the original question, one option to consider is using the Connect REST API to update the certificate. You can view the API documentation by clicking the "View Client API" button in the Connect Administrator. The relevant endpoint is under Extension Services > POST /extensions/ssl/all.