diff --git a/policy-agent/Dockerfile b/policy-agent/Dockerfile
index 15f0502..7c722e1 100644
--- a/policy-agent/Dockerfile
+++ b/policy-agent/Dockerfile
@@ -30,6 +30,8 @@
 ADD /config/application.yaml /opt/app/policy-agent/config/application.yaml
 ADD /config/application_configuration.json /opt/app/policy-agent/data/application_configuration.json_example
 ADD target/${JAR} /opt/app/policy-agent/policy-agent.jar
+ADD /config/keystore.jks /opt/app/policy-agent/etc/cert/keystore.jks
+ADD /config/truststore.jks /opt/app/policy-agent/etc/cert/truststore.jks
 
 
 RUN chmod -R 777 /opt/app/policy-agent/config/
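Review bot: The two added `ADD` lines bake the store used as `server.ssl.key-store` into every image, and the passwords that open it (`policy_agent`) are committed in config/application.yaml in this same change, so a deployment that does not mount its own stores serves TLS with a key anyone can read from the repository. I would say so next to these lines, e.g. `# Development-only default stores: mount deployment-specific keystore.jks/truststore.jks over these paths`, and use `COPY` rather than `ADD` for plain local files. The same concern applies to the default stores copied in the sdnc-a1 standalone.Dockerfile and to the passwords in https-props.properties.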
diff --git a/policy-agent/README.md b/policy-agent/README.md
index d6eb954..90a67c9 100644
--- a/policy-agent/README.md
+++ b/policy-agent/README.md
@@ -11,6 +11,32 @@
    all policies of a type etc.
   -Maps O1 resources (ManagedElement) as defined in O1 to the controlling RIC
 
+The Policy Agent uses the default keystore and truststore that are built into the container. The paths and passwords for these stores are located in a yaml file:
+nonrtric/policy-agent/config/application.yaml
+
+The default truststore includes a1simulator cert as a trusted cert which is located here:
+https://gerrit.o-ran-sc.org/r/gitweb?p=sim/a1-interface.git;a=tree;f=near-rt-ric-simulator/certificate;h=172c1e5aacd52d760e4416288dc5648a5817ce65;hb=HEAD
+
+The default truststore also includes a1controller cert as a trusted cert which is located here (keystore.jks file):
+https://gerrit.o-ran-sc.org/r/gitweb?p=nonrtric.git;a=tree;f=sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources;h=17fdf6cecc7a866c5ce10a35672b742a9f0c4acf;hb=HEAD
+
+There is also Policy Agent's own cert in the default truststore for mocking purposes and unit-testing (ApplicationTest.java).
+
+The default keystore, truststore, and application.yaml files can be overridden by mounting new files using the "volumes" field of docker-compose or docker run command.
+
+Assuming that the keystore, truststore, and application.yaml files are located in the same directory as docker-compose, the volumes field should have these entries:
+
+volumes:
+      - ./new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks:ro
+      - ./new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks:ro
+      - ./new_application.yaml:/opt/app/policy-agent/config/application.yaml:ro
+
+The target paths in the container should not be modified.
+
+Example docker run command for mounting new files:
+docker run -p 8081:8081 -p 8433:8433 --name=policy-agent-container --network=nonrtric-docker-net --volume <path_to_keystore_dir>/new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks --volume <path_to_truststore_dir>/new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks --volume <path_to_application_yaml_dir>/new_application.yaml:/opt/app/policy-agent/config/application.yaml o-ran-sc/nonrtric-policy-agent:2.0.0-SNAPSHOT
+
+
 To Run Policy Agent in Local:
 In the folder /opt/app/policy-agent/config/, create a soft link with below command,
 ln -s <path to test_application_configuration.json> application_configuration.json
diff --git a/policy-agent/config/application.yaml b/policy-agent/config/application.yaml
index aac4393..e9146e0 100644
--- a/policy-agent/config/application.yaml
+++ b/policy-agent/config/application.yaml
@@ -25,7 +25,7 @@
    ssl:
       key-store-type: JKS
       key-store-password: policy_agent
-      key-store: classpath:keystore.jks
+      key-store: /opt/app/policy-agent/etc/cert/keystore.jks
       key-password: policy_agent
       key-alias: policy_agent
 app:
@@ -33,5 +33,5 @@
   webclient:
     trust-store-used: false
     trust-store-password: policy_agent
-    trust-store: classpath:keystore.jks
+    trust-store: /opt/app/policy-agent/etc/cert/truststore.jks
 
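Review bot: `trust-store-used: false` is left unchanged directly above the new `trust-store` path, so the truststore this commit ships is not consulted by default. What the web client does with server certificates in that mode is not visible in this diff, but presumably it accepts them unverified. Since the README states that the default truststore already holds the simulator and controller certs, consider making `trust-store-used: true` the default, or at least add a comment on that line such as `# false = peer certificates are not validated; development only`.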
diff --git a/policy-agent/src/main/resources/keystore.jks b/policy-agent/config/keystore.jks
similarity index 100%
rename from policy-agent/src/main/resources/keystore.jks
rename to policy-agent/config/keystore.jks
Binary files differ
diff --git a/policy-agent/config/truststore.jks b/policy-agent/config/truststore.jks
new file mode 100644
index 0000000..1845abe
--- /dev/null
+++ b/policy-agent/config/truststore.jks
Binary files differ
diff --git a/policy-agent/src/main/java/org/oransc/policyagent/repository/Services.java b/policy-agent/src/main/java/org/oransc/policyagent/repository/Services.java
index 1fd08a8..1c0e15a 100644
--- a/policy-agent/src/main/java/org/oransc/policyagent/repository/Services.java
+++ b/policy-agent/src/main/java/org/oransc/policyagent/repository/Services.java
@@ -63,7 +63,7 @@
         return registeredServices.size();
     }
 
-    public void clear() {
+    public synchronized void clear() {
         registeredServices.clear();
     }
 }
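Review bot: Making `clear()` synchronized protects `registeredServices` only if every other accessor takes the same monitor; `size()` ends just above this change and its signature is outside the hunk, so that cannot be confirmed from the diff. A short class-level Javadoc would record the rule for future methods, e.g. `/** Thread-safe: all access to registeredServices is guarded by this instance's monitor. */`.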
diff --git a/policy-agent/src/test/java/org/oransc/policyagent/ApplicationTest.java b/policy-agent/src/test/java/org/oransc/policyagent/ApplicationTest.java
index 7618306..d856c8a 100644
--- a/policy-agent/src/test/java/org/oransc/policyagent/ApplicationTest.java
+++ b/policy-agent/src/test/java/org/oransc/policyagent/ApplicationTest.java
@@ -81,6 +81,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
 import org.springframework.web.reactive.function.client.WebClientResponseException;
 
@@ -90,6 +91,10 @@
 
 @ExtendWith(SpringExtension.class)
 @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
+@TestPropertySource(
+    properties = { //
+        "server.ssl.key-store=./config/keystore.jks", //
+        "app.webclient.trust-store=./config/truststore.jks"})
 class ApplicationTest {
     private static final Logger logger = LoggerFactory.getLogger(ApplicationTest.class);
 
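Review bot: The paths `./config/keystore.jks` and `./config/truststore.jks` in the new `@TestPropertySource` are relative to the JVM working directory, so the test context presumably starts only when the tests are launched from the policy-agent module directory and fails to load the keystore from anywhere else (repository root, an IDE with a different working directory). A comment above the annotation would make the assumption explicit, e.g. `// Paths are relative to the policy-agent module directory`, or the stores could be placed in test resources and referenced as `classpath:`. The identical annotation is repeated in MockPolicyAgent.java; a shared test properties file would keep the two from drifting apart.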
diff --git a/policy-agent/src/test/java/org/oransc/policyagent/MockPolicyAgent.java b/policy-agent/src/test/java/org/oransc/policyagent/MockPolicyAgent.java
index d37a2be..f42a631 100644
--- a/policy-agent/src/test/java/org/oransc/policyagent/MockPolicyAgent.java
+++ b/policy-agent/src/test/java/org/oransc/policyagent/MockPolicyAgent.java
@@ -50,11 +50,16 @@
 import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.boot.web.server.LocalServerPort;
 import org.springframework.context.annotation.Bean;
+import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
 import org.springframework.util.StringUtils;
 
 @ExtendWith(SpringExtension.class)
 @SpringBootTest(webEnvironment = WebEnvironment.DEFINED_PORT)
+@TestPropertySource(
+    properties = { //
+        "server.ssl.key-store=./config/keystore.jks", //
+        "app.webclient.trust-store=./config/truststore.jks"})
 class MockPolicyAgent {
     private static final Logger logger = LoggerFactory.getLogger(MockPolicyAgent.class);
 
diff --git a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/java/org/o_ran_sc/nonrtric/sdnc_a1/northbound/restadapter/RestAdapterImpl.java b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/java/org/o_ran_sc/nonrtric/sdnc_a1/northbound/restadapter/RestAdapterImpl.java
index 928b65f..d2e602f 100644
--- a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/java/org/o_ran_sc/nonrtric/sdnc_a1/northbound/restadapter/RestAdapterImpl.java
+++ b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/java/org/o_ran_sc/nonrtric/sdnc_a1/northbound/restadapter/RestAdapterImpl.java
@@ -20,7 +20,7 @@
 
 package org.o_ran_sc.nonrtric.sdnc_a1.northbound.restadapter;
 
-import java.io.FileNotFoundException;
+import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.MalformedURLException;
@@ -36,6 +36,7 @@
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.conn.ssl.TrustAllStrategy;
 import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
 import org.apache.http.ssl.SSLContexts;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -58,7 +59,6 @@
 
 public class RestAdapterImpl implements RestAdapter {
 
-  private static final String PROPERTIES_FILE = "nonrt-ric-api-provider.properties";
   private final Logger log = LoggerFactory.getLogger(RestAdapterImpl.class);
 
   private RestTemplate restTemplateHttp;
@@ -76,24 +76,26 @@
 
   private RestTemplate createRestTemplateForHttps() throws IOException, UnrecoverableKeyException, CertificateException,
               NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
-      InputStream inputStream = RestAdapterImpl.class.getClassLoader().getResourceAsStream(PROPERTIES_FILE);
-      if (inputStream == null) {
-          throw new FileNotFoundException("properties file not found in classpath");
-      } else {
+      try (InputStream inputStream = new FileInputStream(ResourceUtils.getFile("/opt/onap/sdnc/data/properties/https-props.properties"))) {
           Properties properties = new Properties();
           properties.load(inputStream);
-          final String keystorePassword = properties.getProperty("key-store-password");
-          SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory(
-                  SSLContexts.custom()
-                             .loadKeyMaterial(ResourceUtils.getFile(properties.getProperty("key-store")),
-                                     keystorePassword.toCharArray(), keystorePassword.toCharArray())
-                             .loadTrustMaterial(null, new TrustAllStrategy())
-                             .build(),
-                  NoopHostnameVerifier.INSTANCE);
+          final String keyPassword = properties.getProperty("key-password");
+          final String keystorePassword = properties.getProperty("keystore-password");
+          final String truststorePassword = properties.getProperty("truststore-password");
+          final boolean isTrustStoreUsed = Boolean.parseBoolean(properties.getProperty("isTrustStoreUsed"));
+          SSLContextBuilder builder = SSLContexts.custom()
+                                                 .loadKeyMaterial(ResourceUtils.getFile(properties.getProperty("key-store")),
+                                                         keystorePassword.toCharArray(), keyPassword.toCharArray());
+          if (isTrustStoreUsed) {
+              builder.loadTrustMaterial(ResourceUtils.getFile(properties.getProperty("trust-store")),
+                              truststorePassword.toCharArray());
+          } else {
+              builder.loadTrustMaterial(null, new TrustAllStrategy());
+          }
+          SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory(builder.build(), NoopHostnameVerifier.INSTANCE);
           HttpClient client = HttpClients.custom().setSSLSocketFactory(scsf).build();
           HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
           requestFactory.setHttpClient(client);
-          inputStream.close();
           return new RestTemplate(requestFactory);
       }
   }
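Review bot: In `createRestTemplateForHttps` the `else` branch still installs `TrustAllStrategy`, and because `Boolean.parseBoolean` returns false for a missing or misspelled `isTrustStoreUsed`, a properties file without that key silently turns server certificate validation off. I would reject a missing flag and log a warning whenever the trust-all branch is taken, as in the excerpt below. Separately, `NoopHostnameVerifier.INSTANCE` is kept even when the truststore is loaded, so a trusted certificate is accepted for any host name, and a missing password key ends in a NullPointerException at `toCharArray()` instead of a clear configuration error.

```java
          // … unchanged: properties.load and the three password lookups …
          // parseBoolean(null) is false, so a missing key must not be read as "trust everything".
          final String trustStoreFlag = properties.getProperty("isTrustStoreUsed");
          if (trustStoreFlag == null) {
              throw new IOException("isTrustStoreUsed is not set in https-props.properties");
          }
          final boolean isTrustStoreUsed = Boolean.parseBoolean(trustStoreFlag);
          // … unchanged: SSLContextBuilder with loadKeyMaterial …
          if (isTrustStoreUsed) {
              // … unchanged: loadTrustMaterial from the trust-store file …
          } else {
              log.warn("isTrustStoreUsed=false: server certificates will not be validated");
              builder.loadTrustMaterial(null, new TrustAllStrategy());
          }
```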
diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/pom.xml b/sdnc-a1-controller/oam/installation/sdnc-a1/pom.xml
index cd58073..b8816ec 100644
--- a/sdnc-a1-controller/oam/installation/sdnc-a1/pom.xml
+++ b/sdnc-a1-controller/oam/installation/sdnc-a1/pom.xml
@@ -190,9 +190,7 @@
                                 <resource>
                                     <directory>src/main/resources</directory>
                                     <includes>
-                                        <include>idmlight.db.mv.db</include>
-                                        <include>keystore.jks</include>
-                                        <include>aaa-app-config.xml</include>
+                                        <include>*.jks</include>
                                     </includes>
                                     <filtering>false</filtering>
                                 </resource>
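Review bot: The `<include>*.jks</include>` wildcard packages every JKS file that happens to sit in src/main/resources, so a store dropped there for local testing would end up in the installation artifact unnoticed; listing `<include>keystore.jks</include>` and `<include>truststore.jks</include>` explicitly keeps the shipped key material reviewable. The hunk also drops `idmlight.db.mv.db` and `aaa-app-config.xml` from the includes and nothing visible in this diff explains why, so it is worth confirming that no later build step still expects them. The enclosing plugin configuration lies outside the hunk.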
diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/docker/standalone.Dockerfile b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/docker/standalone.Dockerfile
index 03977f8..e80187a 100755
--- a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/docker/standalone.Dockerfile
+++ b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/docker/standalone.Dockerfile
@@ -45,7 +45,7 @@
 ENV JAVA_SECURITY_DIR /etc/ssl/certs/java
 ENV SDNC_NORTHBOUND_REPO mvn:org.o-ran-sc.nonrtric.sdnc-a1.northbound/sdnc-a1-northbound-all/${sdnc.northbound.version}/xml/features
 ENV SDNC_KEYSTORE keystore.jks
-ENV SDNC_KEYPASS sdnc-a1-controller
+ENV SDNC_TRUSTSTORE truststore.jks
 ENV SDNC_SECUREPORT 8443
 
 USER root
@@ -60,13 +60,11 @@
 
 # Install java certificate
 COPY $SDNC_KEYSTORE $JAVA_SECURITY_DIR
+COPY $SDNC_TRUSTSTORE $JAVA_SECURITY_DIR
 
 # Secure with TLS
 RUN echo org.osgi.service.http.secure.enabled=true >> $ODL_HOME/etc/custom.properties
 RUN echo org.osgi.service.http.secure.port=$SDNC_SECUREPORT >> $ODL_HOME/etc/custom.properties
-RUN echo org.ops4j.pax.web.ssl.keystore=$JAVA_SECURITY_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
-RUN echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
-RUN echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
 
 RUN chown -R odl:odl /opt
 
diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/truststore.jks b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/truststore.jks
new file mode 100644
index 0000000..ce2d0ed
--- /dev/null
+++ b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/truststore.jks
Binary files differ
diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/startODL.sh b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/startODL.sh
index 78d3ea3..54a7b6b 100755
--- a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/startODL.sh
+++ b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/startODL.sh
@@ -27,12 +27,17 @@
 ODL_HOME=${ODL_HOME:-/opt/opendaylight/current}
 ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME:-admin}
 ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U}
+HTTPS_PROPS=${HTTPS_PROPS:-/opt/onap/sdnc/data/properties/https-props.properties}
 SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
 SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin}
 MYSQL_PASSWD=${MYSQL_PASSWD:-openECOMP1.0}
 INSTALLED_DIR=${INSTALLED_FILE:-/opt/opendaylight/current/daexim}
 export ODL_ADMIN_PASSWORD ODL_ADMIN_USERNAME
 
+echo org.ops4j.pax.web.ssl.keystore=$(cat $HTTPS_PROPS | grep -w key-store | cut -d '=' -f2) >> /opt/opendaylight/etc/custom.properties
+echo org.ops4j.pax.web.ssl.password=$(cat $HTTPS_PROPS | grep -w keystore-password | cut -d '=' -f2) >> /opt/opendaylight/etc/custom.properties
+echo org.ops4j.pax.web.ssl.keypassword=$(cat $HTTPS_PROPS | grep -w key-password | cut -d '=' -f2) >> /opt/opendaylight/etc/custom.properties
+
 #
 # Wait for database
 #
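Review bot: The three added `echo` lines parse the properties file with an unanchored `grep -w` and `cut -f2`, with nothing quoted: a password containing `=` is truncated, a comment line that mentions the key is matched as well, and the value undergoes word splitting and globbing. An anchored, quoted form is safer, e.g. `echo "org.ops4j.pax.web.ssl.password=$(grep '^keystore-password=' "$HTTPS_PROPS" | cut -d '=' -f2-)" >> /opt/opendaylight/etc/custom.properties`, applied to all three lines. Because the lines append with `>>` on every start, a restarted container accumulates duplicate entries, and the target is the literal `/opt/opendaylight/etc/custom.properties` whereas the Dockerfile writes to `$ODL_HOME/etc/custom.properties`; whether those are the same file is not visible here. RestAdapterImpl hard-codes the properties path, so overriding `HTTPS_PROPS` changes only this script.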
diff --git a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/resources/nonrt-ric-api-provider.properties b/sdnc-a1-controller/oam/installation/src/main/properties/https-props.properties
similarity index 76%
rename from sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/resources/nonrt-ric-api-provider.properties
rename to sdnc-a1-controller/oam/installation/src/main/properties/https-props.properties
index 6a066a6..e3155c5 100644
--- a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/resources/nonrt-ric-api-provider.properties
+++ b/sdnc-a1-controller/oam/installation/src/main/properties/https-props.properties
@@ -16,5 +16,9 @@
 # limitations under the License.
 # ========================LICENSE_END===================================
 
-key-store-password = sdnc-a1-controller
-key-store = /etc/ssl/certs/java/keystore.jks
\ No newline at end of file
+key-store=/etc/ssl/certs/java/keystore.jks
+key-password=sdnc-a1-controller
+keystore-password=sdnc-a1-controller
+isTrustStoreUsed=true
+trust-store=/etc/ssl/certs/java/truststore.jks
+truststore-password=sdnc-a1-controller
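Review bot: The key `key-store-password` is renamed to `keystore-password`, and the file now mixes three naming styles (`key-store`, `keystore-password`, `isTrustStoreUsed`); since RestAdapterImpl calls `toCharArray()` on the looked-up values without a null check, an operator who mounts a file using the old name gets a NullPointerException rather than a configuration error. Consistent names such as `key-store-password`, `trust-store-password` and `trust-store-used` would also match the policy-agent application.yaml. A header comment should state that the committed passwords belong to the bundled default stores only, e.g. `# Default passwords for the bundled development stores; replace together with the stores`.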
diff --git a/sdnc-a1-controller/oam/installation/src/main/yaml/README.md b/sdnc-a1-controller/oam/installation/src/main/yaml/README.md
new file mode 100644
index 0000000..a82c70d
--- /dev/null
+++ b/sdnc-a1-controller/oam/installation/src/main/yaml/README.md
@@ -0,0 +1,43 @@
+The SDNC-A1 controller uses the default keystore and truststore that are built into the container.
+
+The paths and passwords for these stores are located in a properties file:
+nonrtric/sdnc-a1-controller/oam/installation/src/main/properties/https-props.properties
+
+The default truststore includes the a1simulator cert as a trusted cert which is located here:
+https://gerrit.o-ran-sc.org/r/gitweb?p=sim/a1-interface.git;a=tree;f=near-rt-ric-simulator/certificate;h=172c1e5aacd52d760e4416288dc5648a5817ce65;hb=HEAD
+
+The default keystore, truststore, and https-props.properties files can be overridden by mounting new files using the "volumes" field of docker-compose. Uncommment the following lines in docker-compose to do this, and provide paths to the new files:
+
+#volumes:
+    #  - <path_to_keystore>:/etc/ssl/certs/java/keystore.jks:ro
+    #  - <path_to_truststore>:/etc/ssl/certs/java/truststore.jks:ro
+    #  - <path_to_https-props>:/opt/onap/sdnc/data/properties/https-props.properties:ro
+
+The target paths in the container should not be modified.
+
+For example, assuming that the keystore, truststore, and https-props.properties files are located in the same directory as docker-compose:
+
+volumes:
+      - ./new_keystore.jks:/etc/ssl/certs/java/keystore.jks:ro
+      - ./new_truststore.jks:/etc/ssl/certs/java/truststore.jks:ro
+      - ./new_https-props.properties:/opt/onap/sdnc/data/properties/https-props.properties:ro
+
+
+## License
+
+Copyright (C) 2020 Nordix Foundation.
+Licensed under the Apache License, Version 2.0 (the "License")
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+For more information about license please see the [LICENSE](LICENSE.txt) file for details.
+
+
diff --git a/sdnc-a1-controller/oam/installation/src/main/yaml/docker-compose.yml b/sdnc-a1-controller/oam/installation/src/main/yaml/docker-compose.yml
index c2b9978..93121a7 100644
--- a/sdnc-a1-controller/oam/installation/src/main/yaml/docker-compose.yml
+++ b/sdnc-a1-controller/oam/installation/src/main/yaml/docker-compose.yml
@@ -55,6 +55,10 @@
     environment:
       - MYSQL_ROOT_PASSWORD=openECOMP1.0
       - SDNC_CONFIG_DIR=/opt/onap/sdnc/data/properties
+    #volumes:
+    #  - <path_to_keystore>:/etc/ssl/certs/java/keystore.jks:ro
+    #  - <path_to_truststore>:/etc/ssl/certs/java/truststore.jks:ro
+    #  - <path_to_https-props>:/opt/onap/sdnc/data/properties/https-props.properties:ro
     dns:
       - ${DNS_IP_ADDR-10.0.100.1}
     logging:
