Enabling the eG Agent to Allow Trusted Certificates

If you have configured the eG agent (during agent setup) to allow trusted SSL certificates alone, you need to follow the broad steps below to ensure the same:

• Extract the certificate from the keystore file and export it to a certificate file. The steps for achieving this are explained in the Extracting the SSL Certificate to a Certificate File topic.
• Import the SSL certificate into the JRE of the eG agent. The details on this are discussed in the Importing the SSL Certificate into the JRE of the eG Agent topic. The key limitation of this approach is that, whenever the JRE is upgraded, the SSL certificates in its trust store get overwritten. This can disrupt eG agent-manager communication post the JRE upgrade. To avoid this, it is recommended that you import the SSL certificate into the Windows trust store, and not the JRE's trust store. The procedure for importing an SSL certificate into the Windows trust store of the eG agent host has been discussed in detail in Importing SSL Certificate into the Windows Trust Store of the eG Agent Host.