Importing the SSL Certificate into the JRE of the eG Agent

To achieve this, do the following:

1. Login to the eG agent host.
2. Open the command prompt and set the path to <EG_INSTALL_DIR>\jre\bin;%path%, using the command:

set path=<EG_INSTALL_DIR>\jre\bin;%path%

3. Then, using the keytool command, import the manager certificate to the JRE of the eG agent. A sample command has been given below:

keytool -import -file C:\tmp\eGCert.cer -alias egcert -keystore <EG_INSTALL_DIR>\jre\lib\security\cacerts

The parameters expected by this command are:

• -alias : an alias name for the certificate being imported; make sure that you provide the same alias name that you provided while generating the keystore file (see Generating the Keystore File or Generating a Keystore File, depending upon whether the certificate is a self-signed certificate or a certificate obtained from a valid certificate authority). If you are extracting the SSL certificate from the default keystore that is bundled with the eG manager, then first determine the alias name using which the keystore file was created. For this, from the <EG_INSTALL_DIR>\java\jdk\bin directory, run the following command:

keytool –list –v –keystore egmanager.bin

This command will prompt for the keystore passphrase. Type eginnovations and press Enter. This will provide the details of the default keystore. From these details, you can infer the Aliasname.

• -file : the full path to the .cer file that was created in the Extracting the SSL Certificate to a Certificate File.
• -keystore : the keystore file that the JVM used by the agent checks for trusted certificates; specify the same file name that you used to store the key (see Generating the Keystore File or Generating a Keystore File, depending upon whether the certificate is a self-signed certificate or a certificate obtained from a valid certificate authority). For the default certificate bundled with the eG manager, the –keystore should be egmanager.bin.
• This command, upon execution, will request for the keystore password. Provide the same keystore password you provided when generating the keystore file (see Generating the Keystore File or Generating a Keystore File, as the case may be). For the default certificate bundled with the eG manager, the password should be eginnovations.
4. Finally, the command will request your confirmation to make the imported certificate a trusted one. Enter yes to trust the certificate.
5. If the processing was successful, then a message stating that the “Certificate was added to keystore” will appear. Figure 1 depicts the processing explained above.

Figure 1 : The process of importing and trusting the manager certificate

6. Now, start the agent.