Keystore Certificate Extractor Utility

The Keystore Certificate Extractor Utility exports certificates from the Controller's Java keystore for the Database Agent truststore. It installs to the following location:

<agent_home>/utils/keystorereader/kr.jar

To avoid copying the Controller keystore to a Database Agent machine, you can run this utility from the Controller server. Access the agent distribution on the Controller at the following location:

Run the Keystore Certificate Extractor Utility from the Controller:

% /<full path to application JRE>/bin/java -jar <controller_home>/appserver/glassfish/domains/domain1/appagent/<controller_version>/utils/keystorereader/kr.jar

Enter the following when prompted:
- The full path to the Controller's keystore:
```
Enter input keystore: <controller_home>/appserver/glassfish/domains/domain1/config/keystore.jks
```
- The truststore output file name. By default the Database Agent looks for cacerts.jks.
```
Enter output agent truststore file name: <controller_home>/appserver/glassfish/domains/domain1/config/keystore.jks
```
  The password for the Controller's certificate, which defaults to "changeit". If you don't include a password, the extractor applies the password "changeit" to the output truststore.
Example command to execute kr.jar:
```
/<full path to application JRE>/bin/java -jar kr.jar <controller_home>/appserver/glassfish/domains/domain1/config/keystore.jks cacerts.jks <controller_certificate_password>
```
Install the agent trust store to the agent configuration directory:
```
<db_agent_home>/conf/
```

Documentation

Keystore Certificate Extractor Utility