Overview

Adding custom CA certificates to the Gateway is crucial for ensuring secure communication between the gateway and other components within your environment. Custom CA certificates allow you to establish trust between the gateway and the servers it interacts with. By adding these certificates, you enhance the overall security posture of your system, protect sensitive data, and prevent potential security vulnerabilities. This practice is essential to maintain the integrity of your communication channels and safeguard your network infrastructure.

Upload the CA Certificates to the Gateway

To upload the certificate, you need to generate the certificate locally first. After that, you can proceed to upload the locally issued certificate to both the gateway and vprobe service.

Step 1: Get the Certificate

Get the certificate in .crt format and follow Step 2 to upload it.

Step 2: Upload the Certificate to Windows Gateway

  1. Open Command Prompt as Administrator:
  • Press Start and type cmd.
  • Right-click on Command Prompt.
  • Select Run as administrator.

  1. Run the following command for each certificate using a suitable random string as the {AliasName}

      "C:\Program Files\OpsRamp\Gateway\jdk\bin\keytool.exe" -importcert -noprompt -trustcacerts -alias "AliasName-1" -file C:\Users\gateway\cert1.crt -keystore "C:\Program Files\OpsRamp\Gateway\jdk\lib\security\cacerts" -storepass changeit
    Example:
    "C:\Program Files\OpsRamp\Gateway\jdk\bin\keytool.exe" -importcert -noprompt -trustcacerts -alias mycertificate -file C:\Users\gateway\cert1.crt -keystore "C:\Program Files\OpsRamp\Gateway\jdk\lib\security\cacerts" -storepass changeit

  2. Run the following command to verify if the certificate has been successfully uploaded to the vprobe service.

    "C:\Program Files\OpsRamp\Gateway\jdk\bin\keytool.exe" -list -keystore "C:\Program Files\OpsRamp\Gateway\jdk\lib\security\cacerts" -storepass changeit | findstr "AliasName-1"
    Example:
      "C:\Program Files\OpsRamp\Gateway\jdk\bin\keytool.exe" -list -keystore "C:\Program Files\OpsRamp\Gateway\jdk\lib\security\cacerts" -storepass changeit | findstr "mycertificate"