Rootstore configuration is required for LTV, LTVLITE, and LTVA signature levels. If you use only BES or T levels, this process is not necessary.
The rootstore allows the optimizer to validate certificate chains for each certificate involved in the signature. Without it, long-term validation signatures cannot be produced or verified correctly.
Every certificate added to the rootstore must be in PEM format. PEM files use the following structure:
-----BEGIN CERTIFICATE-----
MIIIWjCCBkKgAwIBAgIIICfKLtFjrRMwDQYJKoZIhvcNAQELBQAwgbkxCzAJBgNV
...
-----END CERTIFICATE-----

The number of lines between the header and footer varies depending on the certificate. Each PEM file should contain a single certificate.
Place all PEM files in the following path on the host:
/opt/optimizer_docker/optimizer_data/localstore/

The optimizer reads certificates from this directory. Ensure the files have appropriate read permissions for the container.
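A pre-flight check for the localstore directory, added here as an example (it is not part of the optimizer or SignBox): it reports files that do not hold exactly one well-formed PEM certificate or that the container may be unable to read. The function names and the world-readable test are assumptions of this example; only the directory path comes from this page.

```python
import base64
import re
import stat
import sys
from pathlib import Path

# Host path given on the page; pass another directory as argv[1] to override.
LOCALSTORE = Path("/opt/optimizer_docker/optimizer_data/localstore")
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


def check_pem_file(path):
    """Return a list of problems found in one file (empty list means OK)."""
    problems = []
    # Assumption: the container user is not the file owner, so the file needs
    # the world-readable bit. Adjust if your deployment maps UIDs explicitly.
    if not path.stat().st_mode & stat.S_IROTH:
        problems.append("not world-readable")
    text = path.read_text(encoding="ascii", errors="replace")
    blocks = PEM_BLOCK.findall(text)
    if len(blocks) != 1:
        problems.append(f"expected exactly 1 certificate, found {len(blocks)}")
    for body in blocks:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append("certificate body is not valid base64")
            continue
        # A DER-encoded X.509 certificate is an ASN.1 SEQUENCE (tag 0x30).
        if not der.startswith(b"\x30"):
            problems.append("decoded body is not a DER SEQUENCE")
    return problems


def check_localstore(directory=LOCALSTORE):
    """Map file name -> list of problems for each regular file in directory."""
    return {p.name: check_pem_file(p)
            for p in sorted(Path(directory).iterdir()) if p.is_file()}


if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else LOCALSTORE
    if not target.is_dir():
        sys.exit(f"{target}: directory not found")
    report = check_localstore(target)
    for name, problems in report.items():
        print(f"{name}: {'; '.join(problems) or 'OK'}")
    sys.exit(1 if any(report.values()) else 0)
```

The script exits non-zero when any file has a problem, so it can gate the rootstore generation step in a deployment script.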
After placing the certificates, run the following command from the optimizer directory:
docker compose exec optimizer python -m optimizer generate-rootstore

This command generates the rootstore from all PEM files in the localstore directory.
Restart the SignBox services so the new rootstore is loaded:
docker compose restart

Or, for a full restart:
docker compose down
docker compose up -d

- LTV signatures — Overview of LTV and LTVLITE signature types and when rootstore is required