Establish Trust for the Controller's SSL Certificate

To establish trust between the Database Agent and the Splunk AppDynamics Controller, you must create an agent truststore that contains the root certificate for the authority that signed the Controller's certificate.
Note: If you secured your on-premises Controller with a self-signed certificate, see Keystore Certificate Extractor Utility for instructions to create the agent keystore.
  1. Obtain the root certificate for the authority that signed the certificate for the Controller.
    OptionDescription
    For SaaS Controller deployments only You can download the DigiCert root certificates from https://www.digicert.com/digicert-root-certificates.htmand the IdenTrust root certificate from https://www.identrust.com/identrust-commercial-root-ca-1. Ensure to include at least the following certificates:
    • DigiCert Global Root CA
    • DigiCert Global Root G2
    • DigiCert Global Root G3
    • IdenTrust Commercial Root CA 1
    For on-premises Controller deployments Obtain one of the following root certificates:
    • The root certificate for the publicly known certificate authority (CA) that signed the certificate for your on-premises Controller.
    • The root certificate for the internal CA that signed the Controller certificate for your on-premises Controller.
  2. Run the Java keytool command to create the Database Agent truststore: 
    keytool -import -alias rootCA -file <root_certificate_file_name> -keystore cacerts.jks -storepass <truststore_password>
    For example: 
    keytool -import -alias rootCA -file /usr/home/appdynamics/DigicertGlobalRootCA.pem -keystore cacerts.jks -storepass MySecurePassword
    Note: Make note of the truststore password, you need it to configure the Database Agent.
  3. Install the agent truststore to the Database Agent configuration directory: 
    <db_agent_home>/conf/