Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Cisco Exam 500-430 Topic 6 Question 10 Discussion

Actual exam question for Cisco's 500-430 exam
Question #: 10
Topic #: 6
[All 500-430 Questions]

Instead of using the Enterprise Console Ul, how can an administrator import an existing keypair to manage the Controller SSL certificate?

Show Suggested Answer Hide Answer
Suggested Answer: A

According to the Cisco AppDynamics Professional Implementer (CAPI) documents, the method to import an existing keypair to manage the Controller SSL certificate without using the Enterprise Console UI is to add the keypair to the keystore.jks using a third-party tool (A). The keystore.jks file is the default keystore for the Controller that contains the private keys and certificates for the secure communication on port 8181. If the administrator already has a custom keypair that is signed by a third-party Certificate Authority (CA) or an internal CA, they can use a third-party tool, such as KeyStore Explorer or OpenSSL, to import the keypair into the keystore.jks file. The administrator should also import the root or intermediate certificates of the CA into the cacerts.jks file, which is the default truststore for the Controller. The administrator should use the keytool utility, which is bundled with the Controller installation, to import the certificates into the cacerts.jks file.The administrator should also update the password for the keystore.jks and cacerts.jks files, and restart the Controller to apply the changes12.

The incorrect options are:

Re-run the Controller installer and specify the new keypair. (B) This is not a valid method because the Controller installer does not allow the administrator to specify a custom keypair for the Controller SSL certificate. The Controller installer only allows the administrator to specify the Controller host name, port, account name, access key, and database settings.The Controller installer does not modify the keystore.jks or cacerts.jks files, and does not import any custom keypair or certificate into the Controller keystore or truststore3.

Upload a new keystore.jks file through the Controller UI. This is not a valid method because the Controller UI does not provide any feature to upload a new keystore.jks file for the Controller SSL certificate. The Controller UI only allows the administrator to view and edit the Controller settings, such as the license, the security, the email, the analytics, and the EUM.The Controller UI does not access or modify the keystore.jks or cacerts.jks files, and does not import any custom keypair or certificate into the Controller keystore or truststore4.

Upload the keypair from within the Controller UI. (D) This is not a valid method because the Controller UI does not provide any feature to upload a custom keypair for the Controller SSL certificate. The Controller UI only allows the administrator to view and edit the Controller settings, such as the license, the security, the email, the analytics, and the EUM.The Controller UI does not access or modify the keystore.jks or cacerts.jks files, and does not import any custom keypair or certificate into the Controller keystore or truststore4.


1: Controller SSL and Certificates - AppDynamics

2: How do I resolve SSL certificate validation errors in the .NET Agent? - AppDynamics

3: Install the Controller - AppDynamics

4: Controller Settings - AppDynamics

by Taryn at Mar 15, 2024, 07:52 AM

Limited Time Offer

25%

Off

Get Premium 500-430 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Tamar
3 days ago
That's a good point, Justine. The wording of the question is a bit ambiguous. It doesn't explicitly state that we can't use the Controller UI. I think both A and D are valid options, depending on how the question is interpreted.
upvoted 0 times
...
Justine
4 days ago
I'm not so sure about that. What if the question is specifically asking about how to do this through the Controller UI? In that case, I think option D, uploading the keypair from within the Controller UI, could be the right answer.
upvoted 0 times
...
Christoper
5 days ago
I agree with Lisbeth. Option A seems like the logical choice here. Using a third-party tool to manage the keystore is a common practice, and it's likely the easiest way to import an existing keypair.
upvoted 0 times
...
Lisbeth
6 days ago
Hmm, this is an interesting question. I think the correct answer here is option A, adding the keypair to the keystore.jks using a third-party tool. That seems like the most straightforward way to import an existing keypair without using the Enterprise Console UI.
upvoted 0 times
...

Save Cancel