Install/Update Certificates on the Agent

Installing dedicated certificates enables you to access hosts with self-signed certificates. You would normally need to import the certificate in the agent keystore in the following two scenarios:

• The connectivity agent is used with an SSL proxy.

• The connectivity agent is used to invoke secure (SSL) on-premises endpoints.

Note:

These tasks require you to briefly stop and restart the connectivity agent, so choose a time when the connectivity agent is not being used.

1. If you need to add a certificate on the agent keystore, use the keytool command to import the certificate into the keystore.p12. Make sure it is installed.
2. Stop the connectivity agent (if it is already running). The agent can be stopped in the two following ways:
   • If the agent is running as a normal process, press Ctrl+C on the command terminal window on which the agent is running, or search for the connectivity agent process and terminate it.
   • If the agent is running as an OS service, open the task manager and stop the oic_agent service.
3. Open a command line and navigate to the %AGENT_ROOT%/agent/cert/ directory. (The keystore.p12 file is available there.)
4. Run the following command:

   keytool -importcert -keystore keystore.p12 -storepass <agent_keystore_password> -alias <alias_name> -noprompt -file <certificate_file_path>

   Where:

   • storepass password: The default, initial password for the agent keystore. Refer to your keytool documentation for the default storepass password. For more information, see the keytool Command.

   • alias alias_name: Any name to uniquely identify the imported certificate in the keystore.

   • file certificate_file: Absolute path of the certificate file.

5. Restart the connectivity agent following Step 3 in Restart.