Java Keystores and Truststores

The alias in the command line should match the principal that the openLooKeng coordinator will use. You’ll be prompted for the first and last name. Use the Common Name that will be used in the certificate. In this case, it should be the unqualified hostname of the openLooKeng coordinator. In the following example, you can see this in the prompt that confirms the information is correct:

You can either import the certificate to the default Java truststore, or to a custom truststore. You should be careful if you choose to use the default one, since you may need to remove the certificates of CAs you do not deem trustworthy.

Verify the password for a keystore file and view its contents using keytool.