If you have a public CA certificate (.cer / .crt / .pem) from the backend, ACE uses it to trust the server during SSL handshake.
Place the certificate in a secure directory on the Integration Server machine,example:
/home/ace/certs/ca-backend.crt
Windows example:
C:\ace\certs\ca-backend.crt
Create a Truststore (.jks)
ACE uses JKS (Java Key Store) or PKCS12 for truststores.
Run this command:
keytool -import -alias backendCA -file ca-backend.crt -keystore truststore.jks
Enter a password (remember it).You will now have:truststore.jks
Configure the truststore in ACE server.conf.yaml
Edit:
/var/ace/IntegrationServer/server.conf.yaml
Add under SSLServer or Security section:
Security:
trustStoreFile: "/home/ace/certs/truststore.jks"
trustStoreType: "JKS"
trustStorePassword: "password" # ACE can encrypt later
Or if using an HTTPSRequest node only:
SecurityProfiles:
MySecurityProfile:
SSL:
TrustStoreFile: "/home/ace/certs/truststore.jks"
TrustStoreType: "JKS"
TrustStorePassword: "password"
Using the certificate when calling backend HTTPS
Option A – HTTPRequest Node
Use a Security Profile:
Create a Security Profile under
Resources → Security Profiles in ACE Toolkit.
Select SSL Transport.
Provide:Truststore path,Truststore password,TLS Version (usually 1.2 or 1.3)
Then in the HTTPRequest Node:
Set Use SSL = TRUE
Select Security Profile: MySecurityProfile
Option B – Policy Project (recommended for runtime)
Create policy project → Policy → serverconf or securityProfile
Example security profile policy:
<securityProfile name="BackendSSLProfile">
<ssl>
<trustStoreFile>/home/ace/certs/truststore.jks</trustStoreFile>
<trustStoreType>JKS</trustStoreType>
<trustStorePassword>password</trustStorePassword>
<keyStoreFile></keyStoreFile>
</ssl>
</securityProfile>
Attach this policy to your bar file.
Then in HTTPRequest node:
Security Profile = BackendSSLProfile
Calling the Backend
Backend URL:
https://backend.company.com/api
HTTPRequest node configuration:
URL = backend URL
Method = GET/POST
Use HTTPS
Security Profile = BackendSSLProfile
(Optional) Authentication if backend requires OAuth/JWT/Basic Auth
ACE will now:
Use truststore to validate backend certificate
Perform TLS handshake
Send the request securely
Testing the connection
To confirm truststore works:
openssl s_client -connect backend.company.com:443 -CAfile ca-backend.crt
If certificate is valid, you'll see:
Verify return code: 0 (ok)
------------------------------
[Karthik kumar] [T] [SVP Technology]
[Cannyfore Technology]
[+91 9600929239]
[
karthik.kumar@cannyfore.com]
------------------------------
Original Message:
Sent: Sun November 30, 2025 05:23 AM
From: Abdelazim Elkhole
Subject: Configure Public Certificate
I have a CA Certificate and need to configure it and learn how to use it when calling the backend
------------------------------
Abdelazim Elkhole
Integration Developer
Envnt
Riyad
0508866204
------------------------------