Configure the Data Collector to Trust the Certificate Version 10.1.01

SSL Certificate Configuration > Configure the Data Collector to Trust the Certificate

Version 10.1.01

Configure the Data Collector to Trust the Certificate

In cases where the certificate authority (CA) is not trusted, as may be the case when using a self-signed or unknown certificate, both the Data Collector and the Upgrade Manager will need to have the certificate imported into the keystore to ensure that the Data Collector can communicate using SSL. See Keystore File Locations on the Data Collector Server and Import a Certificate into the Data Collector Java Keystore.

Keystore File Locations on the Data Collector Server

Note: For the following commands, if you are not running in the default collector location (/opt/aptare or C:\opt\aptare), substitute the appropriate APTARE_HOME in the command path. See Import a Certificate into the Data Collector Java Keystore.

Linux Data Collector: /opt/aptare/jre/lib/security/cacerts

Windows Data Collector: C:\opt\aptare\jre\lib\security\cacerts

Linux Upgrade Manager: /opt/aptare/upgrade/upgradeManager/jre/lib/security/cacerts

Windows Upgrade Manager: C:\opt\aptare\upgrade\upgradeManager\jre\lib\security\cacerts

Import a Certificate into the Data Collector Java Keystore

Use the following steps to add an SSL certificate to the Java keystore for a Data Collector. Some servers, such as vSphere, require a certificate for connection while communicating with SSL. See also, Configure the Data Collector to Trust the Certificate and Keystore File Locations on the Data Collector Server.

1. Copy the certificate file (certfile.txt) to the Data Collector.

2. Run the following command to add the certificate:

Linux:

/usr/java/bin/keytool -import -alias "somealias" -file certfile.txt -keystore /opt/aptare/jre/lib/security/cacerts

Windows:

C:\opt\jre\bin\keytool -import -alias "somealias" -file certfile.txt -keystore C:\opt\aptare\jre\lib\security\cacerts

3. When prompted, enter the default password to the keystore:

changeit

The results will be similar to the following example:

Enter keystore password:

......

Certificate Shown here

......

Trust this certificate? [no]: yes

4. Once completed, run the following keytool command to view a list of certificates from the keystore and confirm that the certificate was successfully added. The certificate fingerprint line displays with the alias name used during the import.

Linux:

/usr/java/bin/keytool -list -keystore /opt/aptare/jre/lib/security/cacerts

Windows:

C:\opt\jre\bin\keytool -list -keystore C:\opt\aptare\jre\lib\security\cacerts

Sample Linux Output

Enter keystore password:

Keystore type: JKS

Keystore provider: SUN

Your keystore contains 79 entries

digicertassuredidrootca, Apr 16, 2008, trustedCertEntry,

Certificate fingerprint (SHA1): 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43

trustcenterclass2caii, Apr 29, 2008, trustedCertEntry,

Certificate fingerprint (SHA1): AE:50:83:ED:7C:F4:5C:BC:8F:61:C6:21:FE:68:5D:79:42:21:15:6E

.....