Create a self-signed certificate for the connector, Exchange certificates – Google Search Appliance Connectors Administration Guide User Manual

Create a self-signed certificate for the connector

Generate a self-signed certificate for the connector and export the newly created
certificate.

1. Within the connector’s directory, run the following command:

keytool -genkeypair -keystore keys.jks -storepass changeit -
keypass changeit -alias adaptor -keyalg RSA -validity 365

2. For "What is your first and last name?", enter the hostname of the connector’s

computer. You are free to answer the other questions however you wish (including
not answering them).

3. Answer "yes" to "Is CN=yourcomputershostname, OU=... correct?"
4. Still in connector’s directory, run the following command:

keytool -exportcert -alias adaptor -keystore keys.jks -storepass
changeit -keypass changeit -rfc -file adaptor.crt

5. Copy cacerts from Java to the connector's directory:

For Windows, run the following command:
copy PATH\TO\JRE\lib\security\cacerts cacerts.jks

For Linux ,run the following command:
cp PATH/TO/JRE/lib/security/cacerts cacerts.jks

6. To allow the connector to trust itself, run the following command:

keytool -importcert -keystore cacerts.jks -storepass changeit -
file adaptor.crt -alias adaptor

7. When prompted Trust this certificate?, answer yes.

Exchange certificates

To allow the connector to trust the search appliance:

1. On the connector host, run the following command:

keytool -importcert -keystore cacerts.jks -storepass changeit -
file gsa.crt -alias gsa

2. When prompted Trust this certificate?, answer yes.

To allow the search appliance to trust the connector:

1. In GSA Admin Console, click Administration > Certificate Authorities.