This is an extension of the start/stop/status script:
So, ran into a problem. The default instructions of the DataPower agent has a script that installs the communication SSL certificate into the system Java Key Store (JKS <cacerts>). This file is typically only accessible by the system admins and they frown on accepting more responsibilities, especially in context of having to manage certificates within the system cacerts file.
I contacted CA Support (00939937) and they suggested using:
"Please edit DatapowerMonitor.cmd/sh and add -Djavax.net.ssl.trustStore="Custom path" as below %JAVACMD% %JAVA_OPTS% -Djavax.net.ssl.trustStore="C:\apm-dev\jdks\jdk1.8.0_05\jre\lib\security\cacerts" -Xms20m -Xmx4096m -Dcom.wily.introscope.agentProfile=../config/datapower.properties -classpath %CLASSPATH% -Dapp.name="DatapowerMonitor" -Dapp.repo="%REPO%" -Dapp.home="%BASEDIR%" -Dbasedir="%BASEDIR%" com.wily.field.dpmon.DataPowerMonitor -c ../config/DatapowerMonitor-config.xml %CMD_LINE_ARGS%"
Went on a mission to create a cacert file, load the required certificates using InstallCerts.sh, get the cacert file argument set up and get it working.
Create a cacert file
keytool -genkeypair -keystore cacerts -storepass changeit
Delete the dummy certificate from the cacert file
keytool -delete -keystore cacerts -storepass changeit -alias mykey
You can use the keytool -keystore ./cacert -list -v to see that the cacerts file is empty
I created a cacert file for each agent so if something goes wrong, it would only impact a single agent and not every agent using the cacert file. With that, I created the cacert file in the <datapower agent>/bin directory.
Issue the ./InstallCerts.sh <host>:<port> ./cacerts
Then in the DPACtrl.sh file I added the argument to the java command line
Then, get the agent configured and start it up. Well for me it was more so request user accounts, grant the user access to the datapower interface, request network access from the agent host to the datapower host, ask the datapower admin for all of the connection details, host/port/domain/environment, get everything in source control, make a deployment process, test the deployment process, have everything reviewed, schedule the deploy, get the deploy done and hope you got everything in place so when it is started it works in the non-production environment, and lastly, schedule the production deploy.
Hope this helps,