Configure Custom Settings for AWS Secret and Top Secret Regions

This section explains how to configure GigaVUE Cloud Suite for AWS in Secret and Top Secret regions. These settings apply to users running AWS services in isolated environments where endpoints and regions are not publicly exposed.

GigaVUE‑FM requires configuration options for CA certificates to connect to these isolated AWS environments.

Note: This feature has been tested and validated only in IPv4-only environments.

Import CA Certificate for Service Endpoints

Service endpoints in the secure regions may use TLS certificates signed by a Root CA that differs from the default trusted CAs in GigaVUE‑FM. To establish secure HTTPS connections and validate server certificates, GigaVUE‑FM must have the Root CA in its trust store. Importing the Root CA certificate ensures GigaVUE‑FM can securely connect to the endpoints without certificate errors.

To import the Root CA into the GigaVUE‑FM Java trust store:

1. Obtain the required Root CA certificate file that signed the TLS certificate for your AWS Secret/Top Secret service endpoints.
2. Enter "sudo keytool -keystore /usr/lib/jvm/java-17-openjdk-17.0.17.0.10-1.el8.x86_64/lib/security/cacerts -list" in GigaVUE‑FM. If prompted for a password, press Enter. The command lists the trusted Root CAs in the JDK trust store. Note the number of entries, which the output reports in a line such as: Your keystore contains 146 entries. Here, the trust store contains 146 entries.
3. To import the Root CA into GigaVUE‑FM, follow the steps listed below:
a. Copy the Root CA into GigaVUE‑FM, for example, to “/home/admin” or “/home/awsuser”.
[admin@GigaVUE-FM-6800 ~]$ ll
total 580
-rw------- 1 awsuser awsuser 4201 Nov 13 03:58 ca-chain.crt
b. Import the certificate into JDK trust store:
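  1. Run: "sudo keytool -import -alias <RootCAalias> -keystore /usr/lib/jvm/java-17-openjdk-17.0.16.0.8-2.el8.x86_64/lib/security/cacerts -file <RootCA.crt file>". The versioned JDK directory in this path depends on the installed OpenJDK build; use the same cacerts file that you listed in step 2.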

  2. When prompted for a password, enter the default trust store password: "changeit".

  3. The command displays the certificate details (fingerprints, extensions) and prompts "Trust this certificate? [no]:". Compare the displayed fingerprint with the one expected for your Root CA, then type yes and press Enter.

  4. After a successful import, the command displays "Certificate was added to keystore".

  5. Repeat the keytool -list command from step 2 to verify that the Root CA is in the trust store. The entry count increases by one, and the Root CA appears in the list with the alias you specified, for example:

    .....
    Your keystore contains 147 entries
    .....
    userca, Nov 13, 2025, trustedCertEntry
    Certificate fingerprint (SHA-256): B0:0C:D7:F1:0B:A2:12:4D:BB:AB:70:90:61:4C:6C:5A:9A:69:D8:49:94:E2:2B:E5:CE:62:72:E1:8B:49:D1:62
    .....

4. Restart the CMS process to apply the certificate import:
sudo systemctl restart tomcat@cms.service

Note: You must repeat the import steps when upgrading GigaVUE‑FM.
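
The post-import check described above can be scripted so that the alias, its SHA-256 fingerprint and the entry count are compared rather than read by eye. This is an added example, not part of the GigaVUE‑FM documentation or tooling; the function names, the "otherca" entry and its fingerprint are constructed for illustration, and the expected fingerprint is assumed to come from the CA owner through a separate channel.

```shell
#!/bin/sh
# Added example (not vendor code): verify a Root CA import from `keytool -list` output.

# Constructed sample, modelled on the listing shown in the steps above.
# "otherca" and its fingerprint are made-up values for illustration.
SAMPLE_LISTING='Your keystore contains 147 entries

otherca, Jan 1, 2025, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
userca, Nov 13, 2025, trustedCertEntry

Certificate fingerprint (SHA-256): B0:0C:D7:F1:0B:A2:12:4D:BB:AB:70:90:61:4C:6C:5A:9A:69:D8:49:94:E2:2B:E5:CE:62:72:E1:8B:49:D1:62'
# Fingerprint obtained out-of-band from the CA owner (here: the value shown on this page).
EXPECTED_FP='B0:0C:D7:F1:0B:A2:12:4D:BB:AB:70:90:61:4C:6C:5A:9A:69:D8:49:94:E2:2B:E5:CE:62:72:E1:8B:49:D1:62'

keystore_entry_count() {   # stdin: listing; prints N from "Your keystore contains N entries"
    awk '/Your keystore contains [0-9]+ entr/ { print $4; exit }'
}

alias_fingerprint() {      # $1: alias; stdin: listing; prints its SHA-256 fingerprint
    awk -v want="$1" '
        /Entry,?[ \t]*$/ {                      # entry header: "<alias>, <date>, <type>"
            split($0, f, ",")
            name = f[1]; gsub(/^[ \t]+|[ \t]+$/, "", name)
            hit = (tolower(name) == tolower(want))   # compare aliases case-insensitively
            next
        }
        hit && /Certificate fingerprint \(SHA-256\):/ {
            sub(/.*\(SHA-256\):[ \t]*/, "")
            gsub(/[ \t\r]/, "")
            print toupper($0); exit
        }'
}

verify_import() {          # $1 alias, $2 expected fingerprint, $3 expected entry count
    listing=$(cat)
    got=$(printf '%s\n' "$listing" | alias_fingerprint "$1")
    want=$(printf '%s' "$2" | tr 'a-f' 'A-F' | tr -d ' ')
    count=$(printf '%s\n' "$listing" | keystore_entry_count)
    [ -n "$got" ] || { echo "FAIL: alias $1 not in trust store" >&2; return 1; }
    [ "$got" = "$want" ] || { echo "FAIL: fingerprint mismatch for $1" >&2; return 1; }
    [ "$count" = "$3" ] || { echo "FAIL: $count entries, expected $3" >&2; return 1; }
    echo "OK: $1 present with expected fingerprint; $count entries"
}

# Demo on the constructed listing; on GigaVUE-FM, pipe the real `keytool ... -list` output in.
printf '%s\n' "$SAMPLE_LISTING" | verify_import userca "$EXPECTED_FP" 147
```

Because the import must be repeated after each GigaVUE‑FM upgrade, the same check can be rerun then with the pre-import entry count plus one as the third argument.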