Load the Trusted Storage Server Certificate to the Collector's Java Keystore (Optional)

Creating a Certificate from a JVM Keystore (Optional)

You can create a self-signed certificate from the JVM Keystore.

To export the certificate and load it to the Collector’s JVM keystore to be trusted (optional):

On the Storage Server, extract the CER certificate for the keystore. By default, the certificate name is generated from the domain name, e.g. takipi.cer:
keytool -export -keystore <STORAGE_KEYSTORE_FILE> -alias <ALIAS> -file <DOMAIN>.cer
Enter keystore password: <STORAGE_KEYSTORE_PASSWORD>

📘
The Keystore for the Storage Server was created during one of these processes
Using a Publicly-signed Certificate
or
Auto-Generating a Self-signed Certificate

Add the certificate to each of the Collector servers:
a. To check which Java is the currently in use, from the collector.properties configuration file, copy the path to the JVM library: --> takipi.jvm.lib.file=/usr/lib/jvm/java-8/jre/lib/amd64/server/libjvm.so

takipi.backend.url=https://backend.takipi.com/
libraryPath=/opt/takipi/lib
takipi.installation.time=1497372540096323
takipi.jvm.lib.file=/usr/lib/jvm/java-8/jre/lib/amd64/server/libjvm.so
takipi.server.name=my_server_name
...

b. Using the copied path, move to the security directory of the current Java:
$ cd /usr/lib/jvm/java-8/jre/lib/security

c. Copy the .cer to the servers running the Collector using secure file transfer (SCP, SFTP, etc.).

Example to copy from the Storage Server to the local Collector:
$ scp <DOMAIN>.cer <USER>@<COLLECTOR>:/usr/lib/jvm/java-8/jre/lib/security

d. Import the .cer as a trusted certificate:

👍
The default password for the java keystore cacerts is "changeit"

sudo keytool -import -alias <ALIAS> -file <DOMAIN>.cer -keystore cacerts
Enter keystore password: <JVM_KS_PWD>
...
Trust this certificate? [no]: yes```

2. Restart the Collectors:
```sudo /opt/takipi/etc/takipi-stop``` 
```sudo /opt/takipi/etc/takipi-start```

Updated over 4 years ago