Distributing the truststore security certificate to endpoints

You must deploy the truststore security certificate on all endpoints before you can administer the endpoint from the PowerSC GUI server.

Important: As of PowerSC release Version 2.2.0.4, the endpoint truststore file was implemented as a PKCS#12 (P12) file for new installations. A P12 file defines an archive file format for storing cryptographic objects as a single file. Existing endpoint truststore .jks files are saved and converted to P12.

During installation, a truststore file is created and it can be used by all endpoints. The name of the file is endpointTruststore.jks(p12). The file is placed in the /etc/security/powersc/uiServer/ directory.

After installation, you must place the endpointTruststore.jks(p12) file on each endpoint for the PowerSC GUI agent on that endpoint to make contact with the PowerSC GUI server and to initiate the process that results in the creation of the keystore on the endpoint.

You can distribute the truststore file in one of the following ways:
  • Manually copy the endpointTruststore.jks(p12) file to each endpoint.
  • If PowerVC (or another virtualization manager) is used in your environment, the endpointTruststore.jks(p12) file can be put onto the PowerVC image. When the PowerVC image is deployed to an endpoint, both the PowerSC GUI agent and the truststore file are included.
Tip: After the endpointTruststore.jks(p12) is deployed by using one of the methods, and when an endpoint starts running, the PowerSC GUI agent uses the truststore file to determine the location where the PowerSC GUI server is running. The PowerSC GUI agent then sends a message to the PowerSC GUI server with a request to join the list of available and monitored endpoints.