Keystore Certificate Extractor Utility

The Keystore Certificate Extractor Utility exports certificates from the Controller's Java keystore and writes them to an agent truststore. It installs to this location:

<agent_home>/<version_number>/utils/keystorereader/kr.jar

To avoid copying the Controller keystore to an agent machine, you can run this utility from the Controller server. Access the agent distribution on the Controller at this location:

<controller_home>/appserver/glassfish/domains/domain1/appagent

Run kr.jar and pass these parameters:
- The full path to the Controller's keystore:
```
<controller_home>/appserver/glassfish/domains/domain1/config/keystore.jks
```
- The truststore output file name. By default, the agent looks for a Java truststore file named cacerts.jks in the <agent_home>/<version>/conf directory in the agent home.
- The password for the Controller's certificate, which defaults to "changeit". If you don't include a password, the extractor applies the password "changeit" to the output truststore.
```
/<full path to application JRE>/bin/java -jar kr.jar <controller_home>/appserver/glassfish/domains/domain1/config/keystore.jks cacerts.jks <controller_certificate_password>
```
Install the agent trust store to the versioned agent configuration directory:
```
<agent_home>/<version_number>/conf/
```

Documentation

Keystore Certificate Extractor Utility