Load the Trusted Storage Server Certificate to the Collector's Java Keystore (Optional)

Creating a Certificate from a JVM Keystore (Optional)

You can create a self-signed certificate from the JVM Keystore.

To export the certificate and load it to the Collector’s JVM keystore to be trusted (optional):

  1. On the Storage Server, extract the CER certificate for the keystore. By default, the certificate name is generated from the domain name, e.g. takipi.cer:
    keytool -export -keystore <STORAGE_KEYSTORE_FILE> -alias <ALIAS> -file <DOMAIN>.cer
    Enter keystore password: <STORAGE_KEYSTORE_PASSWORD>


The Keystore for the Storage Server was created during one of these processes
Using a Publicly-signed Certificate
Auto-Generating a Self-signed Certificate

  1. Add the certificate to each of the Collector servers:
    a. To check which Java is the currently in use, from the collector.properties configuration file, copy the path to the JVM library: --> takipi.jvm.lib.file=/usr/lib/jvm/java-8/jre/lib/amd64/server/libjvm.so

b. Using the copied path, move to the security directory of the current Java:
$ cd /usr/lib/jvm/java-8/jre/lib/security

c. Copy the .cer to the servers running the Collector using secure file transfer (SCP, SFTP, etc.).

Example to copy from the Storage Server to the local Collector:
$ scp <DOMAIN>.cer <USER>@<COLLECTOR>:/usr/lib/jvm/java-8/jre/lib/security

d. Import the .cer as a trusted certificate:


The default password for the java keystore cacerts is "changeit"

sudo keytool -import -alias <ALIAS> -file <DOMAIN>.cer -keystore cacerts
Enter keystore password: <JVM_KS_PWD>
Trust this certificate? [no]: yes```

2. Restart the Collectors:
```sudo /opt/takipi/etc/takipi-stop``` 
```sudo /opt/takipi/etc/takipi-start```