Automatically Import Certificates and Verify a Client Keystore

When you use certificates that are not provided by a public certificate authority, such as self-signed certificates, import them into the agent keystore first. Before the agent accepts a connection, it verifies the certificate against the default agent keystore, which contains certificates from public certificate authorities. When you use a certificate from a private certificate authority, unless it has been imported into the agent keystore, the agent views the certificate as coming from an untrusted source, and it refuses the connection. 
Automatically Import Certificates
When you use certificates that are not provided by a public certificate authority, such as self-signed certificates, import them into the agent keystore first. Before the agent accepts a connection, it verifies the certificate against the default agent keystore, which contains certificates from public certificate authorities. When you use a certificate from a private certificate authority, unless it has been imported into the agent keystore, the agent views the certificate as coming from an untrusted source, and it refuses the connection. 
To ensure that the agent accepts the connection for private (or self-signed) certificates, you can set a parameter in the agentparm.txt file temporarily to force the agent to import the the certificate into the agent keystore. After the agent has imported the certificate, you can remove the setting. 
Use one of the following parameters, depending on whether you are using an HTTPS or FTPS connection.
HTTPS
https.client.ssl.accept_new_ca=
Set this parameter to true to have the agent import the SSL certificates to the default keystore when you are using HTTPS to connect or run jobs.
FTPS
ftp.client.ssl.accept_new=
Set this parameter to true to have the agent import the SSL certificates to the default keystore when you are using FTPS to connect or run jobs. After you run the job, set the parameter to false to enable certificate validation. If you leave it set to true, certificates are not validated, because the agent automatically adds them to the agent keystore.
The FTP parameter is for FTP jobs using SSL is FTPS or FTP-SSL. FTPS is not the same as SFTP. SFTP is based on the SSH (Secure Shell) protocol which is best known for its use in providing secure access to shell accounts on remote servers. 
List Certificates in the Keystore
To verify that the certificate is valid, assuming the keystore location has not been overridden by an agent parameter, you can list the certificates in the keystore. Follow these steps: 
  1. Change to the agent installation directory.
  2. Enter the following command:
    keytool -list -v -keystore cacerts