Rootstore configuration is required for LTV and LTVLITE signature levels. If you do not use these levels, this process is not necessary.
The rootstore allows the Optimizer to include and validate the full chain of trust for each certificate involved in the signature. Without it, long-term validation signatures cannot be produced or verified correctly.
Every certificate added to the rootstore must be in PEM format. Example:
-----BEGIN CERTIFICATE-----
MIIIWjCCBkKgAwIBAgIIICfKLtFjrRMwDQYJKoZIhvcNAQELBQAwgbkxCzAJBgNV
...
-----END CERTIFICATE-----The number of lines between the header and footer depends on the certificate. Each PEM file should contain a single certificate.
Place all PEM files in the following path on the host:
/opt/optimizer_docker/optimizer_data/localstore/(or the equivalent path where your Optimizer data volume is mounted).
After loading all desired certificates, run the following command inside the optimizer container:
docker compose exec optimizer python -m optimizer generate-rootstoreThis updates the rootstore used by the Optimizer for LTV/LTVLITE signatures. Restart the Optimizer if required by your deployment (e.g. docker-compose restart).
- Configuration overview
- LTV/LTVLITE — Refer to the One-Shot API documentation for signature level details