Import a self-signed certificate to the ODBC truststore

If a Certificate Authority trusted by the ODBC driver has not signed the Edge Encryption proxy server certificate, you must import a self-signed certificate to the ODBC truststore. You can export the certificate from the Edge Encryption proxy server and import it into the ODBC truststore.

Before you begin

To determine whether a Certificate Authority trusted by the ODBC driver has signed the Edge Encryption proxy server certificate, run the following command in the keystore directory in the proxy home directory to view a list of Certificate Authorities trusted by the ODBC driver:
keytool -keystore "<ODBC directory>\ip\Java\jre\lib\security\cacerts" -list

Procedure

  1. Change to the keystore directory in the proxy home directory.
  2. Check the keystore for the self-signed certificate.
    1. To check the keystore for the certificate, you can run the following command to list all the items in the keystore.
      keytool -list -keystore keystore.jceks -storetype jceks -v
    2. Locate the key alias in the list of items.
  3. Using the key alias, export the certificate to a .cer file.
    keytool -export -alias <key alias> -keystore keystore.jceks -storetype jceks -rfc -file <file name>.cer
  4. Change to your ODBC truststore directory: ODBC\ip\Java\jre\lib\security\cacerts.
  5. Import the certificate to your ODBC truststore.
    keytool -keystore cacerts -importcert -alias $<key alias> -file <file name>.cer