6. Import all Remote Certificates
This step must be repeated on both the agent and manager host machines, for all pairs of agent-managers in your management architecture.
In this step, agent and manager pairs must exchange their certificates. The manager should import the agent's hostCertFile and the agent should import the manager's hostCertFile. If a manager has two agents, it will import two certificates, and each agent will import a copy of the manager's certificate.
Import the certificate into the file containing the trusted Certificate Authorities (CA) certificates. This will add our self-signed certificate as a trusted CA certificate to the cacerts file so that the server and the client will be able to authenticate each other.
$ keytool -import -alias alias -file hostCertFile -noprompt -trustcacerts
-storetype jks -keystore JAVAhome/jre/lib/security/cacerts
-storepass changeit
|
This command modifies the JAVAhome/jre/lib/security/cacerts which will affect all applications running on that installation. If you do not want to modify this file, you could create a file named jssecacerts and use it instead. The default location of this file is either JAVAhome/lib/security/jssecacerts or if that does not exist, then JAVAhome/lib/security/cacerts.
- © 2010, Oracle Corporation and/or its affiliates