To enable Connectors 4 security, you need to generate a self-signed certificate and add it on the GSA and in the connector's trusted store.
To generate and export a self-signed certificate on the connector host:
- Within the connector’s directory, run the following command:
keytool -genkeypair -keystore keys.jks -storepass changeit -keypass changeit -alias adaptor -keyalg RSA -validity 365
- For "What is your first and last name?," enter the hostname of the connector’s computer. You can answer the other questions how you wish (including not answering them).
- For "Is CN=yourcomputershostname, OU=... correct?," answer yes.
- While still in the connector’s directory, run the following command:
keytool -exportcert -alias adaptor -keystore keys.jks -storepass changeit -keypass changeit -rfc -file adaptor.crt
- Copy cacerts from Java to the connector's directory.
For Windows, run the following command:
copy PATH\TO\JRE\lib\security\cacerts cacerts.jks
For Linux, run the following command:
cp PATH/TO/JRE/lib/security/cacerts cacerts.jks
- To allow the connector to trust itself, run the following command:
keytool -importcert -keystore cacerts.jks -storepass changeit -file adaptor.crt -alias adaptor
- For "Trust this certificate?," answer yes.
You can proceed with uploading adaptor.crt on the GSA. For instructions, see Uploading a Certificate Authority Certificate.