The keystore file path and keystore password is in snapcreator.properties. I'm not sure how the agent-to-server communication is configured (if any) to be verified.

It's not about Server <> Agent, I'm referring to Server <> GUI/Browser

That the Server and Agent don't create individual Keys during installation is another thing.

Right now my concern is just the HTTPS-Certificate delivered from the Server that is issued to NetApp and a blank Host instead of our Company and the appropriate Hostnames.

Our Management-Environment is configured to block all HTTPS connections that don't deliver appropriate Certificates, so using SC via GUI is currently only possible with workarounds.

Stefan,

Here are the directions that I have.

SC Engineering said that these are the directions to change the Server/GUI HTTPS cert, not the agent/server cert:

To load customer specific keystore ( Created using the Customer Certificate and corresponding private keys)

1. Stop Snapcreator server.
2. In the installation directory – go to “scServer4.1.0c/engine/etc”
   • Replace the keystore “keystore.jks“ with the new keystore file
   • Update the following entries in the snapcreator.properties file  
     • SNAPCREATOR_KEYSTORE_PATH --> releative location to the keystore w.r.t installation directory.
     • SNAPCREATOR_KEYSTORE_PASS --> keystore passwd
3. Start the snapcreator server

Please let us know.

Thanks,

John

Hi John

I can create a ordinary x.509 but I don’t think this will be compatible with *.jks File-Format you are using in SC

How should it be converted?

Thanks in advance

Stefan

Sorry, I don't know. I'll ping engineering and get back to you as soon as they get back to me.

John

Hi Stefan,

You can create directly the Java key store file (.jks) file.

In the below link -- refer to the section " Generate a Self Signed Certificate using Java Keytool" for creating the Java key store file.

http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-using-java-keytool.html

Thanks,

Amar

Hi Amar

Thanks for the Hint.

Selfsigned unfortunately won’t cut it, has to be signed by our own Company-CA.

So would need something to convert the signed Certs to the Java-Format.

Cheers

Stefan

Try the steps in these links to import certs in to a java key store.

http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

http://stackoverflow.com/questions/4325263/how-to-import-a-cer-certificate-into-a-java-keystore

BTW what is format of the signed certificate you have?