Create Truststore in Aternity Deployment

A truststore stores the certificates of trusted Certificate Authorities (CAs). These certificates are used to verify the certificate a server presents during an SSL connection.

Use the procedure described in this article to create a truststore. It will hold the certificates of external systems that you trust.

Aternity's security extends to both the server side and the Agent for End User Devices installed on your end user devices, applying a broad set of methods across all access points in the system.

Procedure

  1. On the Docker Components server, run cd /root/aternity-docker-components to change to the directory where the Docker Components setup files reside.
  2. Run mkdir cert to create a directory for all your CA certificates.
     [Image: Create a directory for all CA certificates]
  3. Copy your custom CA certificate(s) to the cert directory.
  4. Run the command:
     docker run -it --rm --entrypoint /bin/bash -v ${PWD}/cert:/cert -w /cert `docker image ls -q riverbed_dps`
     The container comes with the default Java truststore. This command mounts the cert directory you created in step 2 into the container (as /cert, which is also the working directory), so that the default and custom certificates can be combined into one truststore.
  5. Copy the default Java truststore into the working directory by running cp /etc/ssl/certs/java/cacerts truststore.jks. Because /cert is mounted from the host, the copy also appears in the host's cert directory.
  6. (Optional) To change the truststore password (the default is changeit), run keytool -storepasswd -keystore truststore.jks -storepass changeit and enter the new password when prompted.
     [Image: Change the truststore password]
  7. Add your CA certificates to the truststore:
     a. Run the command:
        keytool -import -keystore truststore.jks -trustcacerts -noprompt -alias <some alias> -file <CA certificate file name>
     b. Repeat the command for each certificate you want to add.
     c. Assign a different alias to each new entry (an entry is one CA certificate file); keytool rejects an import whose alias already exists in the truststore.
     d. When prompted, enter the truststore password you defined in step 6. If you did not change it, enter the default, changeit.
        [Image: Add certificates to the truststore]
  8. Exit the container by running exit.
     [Image: Exit the container]
  9. On the Docker Components server, edit the SSL section of the properties.ini file with the new truststore details (path and password) as shown in the image below. The file is located in the directory with the aternity-docker-admin tool.
     [Image: Update properties.ini with the truststore that holds all SSL certificates, and its password]

     Use this truststore for all components (Management Server, Aggregation Server, Docker Components server, etc.).
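Steps 5 to 7 above, scripted end to end as an added example (this is not Aternity's tooling): it copies the default cacerts, rotates the store password when a non-default one is given, imports every CA file from a directory under a unique alias derived from the file name, and counts the trusted entries afterwards as a sanity check. Assumptions that are not in the article: certificate files end in .pem, .crt or .cer; keytool is on the PATH (it is inside the container from step 4); the directory, file and password values are placeholders.

```shell
#!/bin/sh
# Added example, not Aternity's own tooling. Builds a truststore from the default
# Java cacerts plus every CA certificate found in a directory (steps 5 to 7).
# Assumptions (mine, not from the article): CA files are named *.pem, *.crt or *.cer,
# and keytool is on the PATH (true inside the riverbed_dps container).
set -eu

# Derive a keytool alias from a certificate file name: lower-case basename without
# extension, with anything outside [a-z0-9] replaced by '-'.
alias_for_file() {
  base=$(basename -- "$1")
  base=${base%.*}
  printf '%s' "$base" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9]/-/g'
}

# Succeeds if the store already holds the alias (keytool -list exits non-zero otherwise).
truststore_has_alias() {
  keytool -list -keystore "$1" -storepass "$2" -alias "$3" >/dev/null 2>&1
}

# Pick an alias that is not yet in the store: append -2, -3, ... on collision,
# because keytool refuses to import under an alias that already exists (step 7c).
unique_alias() {
  store=$1; pass=$2; want=$3; candidate=$3; n=1
  while truststore_has_alias "$store" "$pass" "$candidate"; do
    n=$((n + 1)); candidate="${want}-${n}"
  done
  printf '%s' "$candidate"
}

# Number of trustedCertEntry lines in the store: a quick check after the import.
count_trusted_entries() {
  keytool -list -keystore "$1" -storepass "$2" 2>/dev/null | grep -c trustedCertEntry
}

# build_truststore CERT_DIR OUT_STORE STORE_PASS [SOURCE_CACERTS]
# Copies the default cacerts (step 5), changes the password if a non-default one is
# given (step 6), imports each CA file under a unique alias (step 7), and prints the
# number of certificates imported. Progress goes to stderr so stdout stays a number.
build_truststore() {
  cert_dir=$1; out=$2; pass=$3; source=${4:-/etc/ssl/certs/java/cacerts}
  count=0
  cp -- "$source" "$out"
  if [ "$pass" != changeit ]; then
    keytool -storepasswd -keystore "$out" -storepass changeit -new "$pass" >/dev/null 2>&1
  fi
  for f in "$cert_dir"/*.pem "$cert_dir"/*.crt "$cert_dir"/*.cer; do
    [ -e "$f" ] || continue
    alias=$(unique_alias "$out" "$pass" "$(alias_for_file "$f")")
    keytool -import -keystore "$out" -storepass "$pass" -trustcacerts -noprompt \
      -alias "$alias" -file "$f" >/dev/null 2>&1
    echo "imported $f as alias $alias" >&2
    count=$((count + 1))
  done
  echo "$count"
}
```

Inside the container from step 4 you would call `build_truststore /cert /cert/truststore.jks changeit` (or your own password in place of changeit); the alias derivation plus the collision counter is what prevents the "alias already exists" failure from step 7c when two files reduce to the same name, and `count_trusted_entries` lets you confirm the custom CAs actually landed in the store before you point properties.ini at it.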