SSL Certificate Configuration > Configure the Data Collector to Trust the Certificate
  
Version 10.2.01P10
Configure the Data Collector to Trust the Certificate
In cases where the certificate authority (CA) is not trusted, as may be the case when using a self-signed or unknown certificate, both the Data Collector and the Upgrade Manager will need to have the certificate imported into the keystore to ensure that the Data Collector can communicate using SSL. See Keystore File Locations on the Data Collector Server and Import a Certificate into the Data Collector Java Keystore.
Keystore File Locations on the Data Collector Server
Note: For the following commands, if you are not running in the default collector location (/opt/aptare or C:\opt\aptare), substitute the appropriate APTARE_HOME in the command path. See Import a Certificate into the Data Collector Java Keystore.
Linux Data Collector: /opt/aptare/jre/lib/security/cacerts
Windows Data Collector: C:\opt\aptare\jre\lib\security\cacerts
Linux Upgrade Manager: /opt/aptare/upgrade/upgradeManager/jre/lib/security/cacerts
Windows Upgrade Manager: C:\opt\aptare\upgrade\upgradeManager\jre\lib\security\cacerts
Import a Certificate into the Data Collector Java Keystore
Use the following steps to add an SSL certificate to the Java keystore for a Data Collector. Some servers, such as vSphere, require a certificate for connection while communicating with SSL. See also, Configure the Data Collector to Trust the Certificate and Keystore File Locations on the Data Collector Server.
1. Copy the certificate file (certfile.txt) to the Data Collector.
2. Run the following command to add the certificate:
Linux:
/usr/java/bin/keytool -import -alias "somealias" -file certfile.txt -keystore /opt/aptare/jre/lib/security/cacerts
Windows:
C:\opt\jre\bin\keytool -import -alias "somealias" -file certfile.txt -keystore C:\opt\aptare\jre\lib\security\cacerts
3. When prompted, enter the default password to the keystore:
changeit
The results will be similar to the following example:
Enter keystore password:
......
Certificate Shown here
......
Trust this certificate? [no]: yes
4. Once completed, run the following keytool command to view a list of certificates from the keystore and confirm that the certificate was successfully added. The certificate fingerprint line displays with the alias name used during the import.
Linux:
/usr/java/bin/keytool -list -keystore /opt/aptare/jre/lib/security/cacerts
Windows:
C:\opt\jre\bin\keytool -list -keystore C:\opt\aptare\jre\lib\security\cacerts
 
Sample Linux Output
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 79 entries
digicertassuredidrootca, Apr 16, 2008, trustedCertEntry,
Certificate fingerprint (SHA1): 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
trustcenterclass2caii, Apr 29, 2008, trustedCertEntry,
Certificate fingerprint (SHA1): AE:50:83:ED:7C:F4:5C:BC:8F:61:C6:21:FE:68:5D:79:42:21:15:6E
.....