- If the path (including name) of the agent truststore is specified using the <controller-keystore-filename> element in the agent configuration file
controller-info.xml
then agent loads that trustore.
- If not specified in thecontroller-info.xml, the Java Agent then looks for the truststore file with name cacerts.jks in
<agent_home>/verX.X.X.X/conf
directory.
- Note: The permissions on the cacerts.jks file needs to be 644.
- If the cacerts.jks file does not exist in
<agent_home>/versionXXXX/conf,
but the application specifies truststore using a JVM argument -Djavax.net.ssl.trustStore
, then the Java Agent loads that truststore.
- If the Java Agent can not find the certs in any of the above, it will load the default Java truststore of the JVM being instrumented,
<JRE_HOME>/lib/security/cacerts
(password changeit).
Related Links:
Last update:
03-08-2018
01:16 AM