If the path (including name) of the agent truststore is specified using the <controller-keystore-filename> element in the agent configuration file controller-info.xmlthen agent loads that trustore.
If not specified in thecontroller-info.xml, the Java Agent then looks for the truststore file with name cacerts.jks in <agent_home>/verX.X.X.X/conf directory.
Note: The permissions on the cacerts.jks file needs to be 644.
If the cacerts.jks file does not exist in <agent_home>/versionXXXX/conf, but the application specifies truststore using a JVM argument -Djavax.net.ssl.trustStore, then the Java Agent loads that truststore.
If the Java Agent can not find the certs in any of the above, it will load the default Java truststore of the JVM being instrumented, <JRE_HOME>/lib/security/cacerts (password changeit).
