added a comment - - edited
If you're trying to import agent cert to server keystore with a existing alias name, this is the error message you'll get:
What IP should HQ use to contact the agent [default=10.16.17.38]: localhost
What port should HQ use to contact the agent [default=2144]:
- Received temporary auth token from agent
- Registering agent with HQ
The server to agent communication channel is using a self-signed certificate and could not be verified
Are you sure you want to continue connecting? [default=no]: yes
- Unable to register agent: Failed to connect to agent: Error sending argument: Unable to connect to localhost:2144: Broken pipe, retried 5 times, cmd=agent:ping
It basically didn't tell you anything why the connection failed. We use java.security.KeyStore.store(OutputStream stream, char password) to import the cert. However, it won't give any Exceptions, neither import the cert while there's existing truststore entry has the same alias name.
We reduce this risk by adding UUID to the alias.