I'm not sure if Lucee still has its own cacerts file, but if it does and that's where you installed it, then it's basically being ignored

So if you're having CommandBox download a version of Java for Lucee to use, then yes.

Run

server info property=javaHome

in the web root to confirm what java is being used by the server

i bet i previously installed the cert to the wrong keystore then

I'm surprised they left it there TBH

Same with the

sslcertificateinstall()

BIF

sadly

That was suggested by a community member

he even put in a big ticket and asked for guidance on a pull request

He was basically ignored by team Lucee and gave up

And no such functionality was implemented

It would have been nice for sure

There were a lot of benefits from Lucee having a trust store-- namely easily installing custom certs. The issue was it got out of date often.

Instead of setting up the hierarchy, they just opted to get rid of it completely, which I don't think was the best move because now we're back to mucking around in a cacerts file buried in your Java installation which can change without notice when Java updates and cannot be easily automated from CFML

That ticket shows how you can get the old behavior back

so instead of trying to muck with the keytool, maybe i'll try to enable the environment variable box env set lucee.use.lucee.SSL.TrustStore=true

but yes

that truly is a terrible setting name, lol

I don't think trying to form a complete English sentence was ideal there

The

env set

command is for setting an env var into the current shell context

The

env

key in your

server.json

is for declaring env vars to be passed to a new server process

And while the current shell context's env vars also get passed to a server, it's a little different application

You could certainly set the env vars via a

.env

file, or a Docker/etc orchestrator

And you can do them ad hoc

env set foo=bar
server start

but in that ad-hoc example, the env vars wouldn't persist in the shell after you closed it

You can have a global env file for env vars you always want in the shell, but this is really a sort of server-specific config so it makes sense to bundle it int he server.json

I think you copied what I typed above before I fixed it

I was missing a dot between

lucee.ssl

Don't trust anything I type from memory into Slack 🙂

Also, for what it's worth you can change the lucee_extensionsn to be nested as well

nested keys are just concatenated with underscores

So

{
  "env": {
    "foo": {
      "bar": "baz"
    }
  }
}

is the same as

{
  "env" : {
    "foo_bar" : "baz"
    }
  }
}

It's just nicer to nest IMO if you are going to have a bunch of env vars all with the same prefix

And, as a general rule, Lucee will check for both

foo.bar

and

foo_bar

conventions