For the servers to trust each other, they must have the certificate of every other server
in their truststore. The same truststore can be used for client-to-node encryption and for
node-to-node encryption. When the truststore for each server is created, the server public
certificate is exported to a file.
About this task
To create a truststore:
Procedure
- Log in to the ZooKeeper server as the user who installed Sterling B2B Integrator and Global Mailbox.
- Use the Java™ keytool utility with the following input:
  -importcert -alias <name> -file <path to cert file>.cer -keystore <path to truststore> -storepass <password> -storetype JKS
-alias <name>
Alias can be any value. This might be the same alias from the keystore, or a descriptive label
like self.
-file <path to cert file>
Specifies the fully qualified path to the file to which the server public certificate was exported
when its personal certificate was created in Generating a self-signed personal certificate.
-keystore <path to truststore>
Specifies the fully-qualified path of the server truststore file that is created (for example:
/etc/cassandra/conf/truststore.jks).
-storepass <password>
The truststore password can be any value. It is used to generate a key to encrypt the truststore
file.
-storetype JKS
The keystore type must be JKS.
- When prompted, enter y to add the certificate into the truststore:
  Trust this certificate? [no]: y
  Certificate was added to keystore
- Create a truststore for each ZooKeeper server in all data centers.
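
The import step repeated for every server certificate, as an added example that is not part of the product documentation. It assumes the exported certificates have been collected in one directory as <alias>.cer, and it passes the password through an environment variable (TRUSTSTORE_PASS, a name chosen here) with keytool's -storepass:env form so the value does not appear in the process list; the KEYTOOL override and the function name are also assumptions.

```shell
#!/bin/sh
# Added example: import every exported node certificate into one truststore.
# Assumptions (not from the page): certificates sit in one directory as
# <alias>.cer and the truststore password is in the TRUSTSTORE_PASS variable.
KEYTOOL="${KEYTOOL:-keytool}"

# import_peer_certs <cert-dir> <truststore-path>
# Returns 0 when every .cer file was imported or was already trusted.
import_peer_certs() {
    cert_dir=$1
    truststore=$2
    [ -n "${TRUSTSTORE_PASS:-}" ] || { echo "TRUSTSTORE_PASS is not set" >&2; return 2; }
    export TRUSTSTORE_PASS
    found=0
    for cert in "$cert_dir"/*.cer; do
        [ -f "$cert" ] || continue
        found=1
        alias_name=$(basename "$cert" .cer)
        # Skip aliases that are already present so the script can be re-run.
        if "$KEYTOOL" -list -alias "$alias_name" -keystore "$truststore" \
               -storepass:env TRUSTSTORE_PASS -storetype JKS >/dev/null 2>&1; then
            echo "already trusted: $alias_name"
            continue
        fi
        # Print the certificate details (owner, validity, fingerprints) so the
        # run leaves a record of exactly what was trusted.
        "$KEYTOOL" -printcert -file "$cert" || return 1
        # -noprompt replaces the interactive "Trust this certificate?" answer,
        # so confirm where each .cer file came from before running this.
        "$KEYTOOL" -importcert -noprompt -alias "$alias_name" -file "$cert" \
            -keystore "$truststore" -storepass:env TRUSTSTORE_PASS \
            -storetype JKS || return 1
    done
    [ "$found" -eq 1 ] || { echo "no .cer files in $cert_dir" >&2; return 3; }
}

# Run only when called with arguments: ./import-certs.sh <cert-dir> <truststore>
if [ "$#" -ge 2 ]; then
    import_peer_certs "$1" "$2"
fi
```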