Prerequisite of Cloud Repository Addition

1. Overview  

This document outlines the prerequisite steps required for customers who are using an SSL certificate for their custom repository endpoint.To ensure seamless communication between our backend APIs and the repository server, the SSL certificate of the endpoint must be added to the Java Runtime Environment (JRE) truststore.  

When is this required?

The prerequisite steps mentioned in this document are required only when the repository endpoint uses a self-signed certificate or a certificate issued by a private/internal Certificate Authority (CA).
If the endpoint is secured using a publicly trusted SSL certificate issued by well-known Certificate Authorities such as DigiCert, Sectigo, GlobalSign, Let’s Encrypt, etc., these steps are generally not required because such certificates are already trusted by the default Java truststore.

Note: The Certificate addition is to be done on respective products.

Eg:

• Onprem -  ServerBackups / Cloud Serverproxy backups - addition should be on Server/Serverproxy ,

• Onprem(local backups) / Cloud(EndpointBackups) - addition should be on agents.

Also ensure the Endpoint been accessible from the respective machine using,
Windows (In Admin powershell) -  Test-NetConnection s3.ap-southeast-1.wasabisys.com -Port 443
Linux - sudo telnet s3.ap-southeast-1.wasabisys.com 443

Windows:

2. Obtaining the SSL Certificate  

2.1 Using a Web Browser 

1. Open the cloud repository endpoint in a web browser:
   https://<endpoint>

2. Click the padlock icon in the browser address bar.

3. Based on the connection status:

For Secure Connection:

• Click "Connection is secure"

• Select "Certificate (Valid)"

• Navigate to Details → Export

4. Save the certificate file as:
   cloud-cert.cer

Reference Pics to download the SSL/TLS Certificate.

3. Adding Certificate to JRE Trust-store  

Windows <Installation Loaction>\<Product>\jre\ 

      Linux: <Installation Location><Product>/lib/jre

1.  Open command prompt or terminal with administrator/sudo privileges, then run the appropriate command below. 
   

"<JRE_PATH>\bin\keytool.exe" -import -trustcacerts -alias cloud-storage -file <CERT_PATH>\cloud-cert.cer -keystore "<JRE_PATH>\lib\security\cacerts" -storepass changeit

Eg:

4. Important Notes  

• When prompted:

• Trust this certificate? [no]:

• Type: yes

• This step ensures secure HTTPS communication between the application and the cloud repository 

5. Verifying Certificate Installation  

Run the following command: 

"<JRE_PATH>\bin\keytool.exe" -list -keystore "<JRE_PATH>\lib\security\cacerts" -storepass changeit | find "cloud-storage"

• If the alias "cloud-storage" appears in the output — the certificate is successfully installed. If nothing appears, repeat Step 3 and ensure the correct JRE path was used.

6. Service Restart Requirement  

After importing the certificate, restart the relevant service: <Product_Service_Name>

• On Windows: open Services (services.msc), find the service by name, right-click → Restart.

• On Linux: use sudo systemctl restart <service-name> in the terminal.

Example:
BDRShield_Backup_Server_Virtual_Physical_Workloads