Key and Trust Store Tab
The Key and Trust store tabs of the configuration is for storage of any certificates that may be called by adapters or from scripts.
Two stores can be configured; a key store and a trust store. Both are secured by a password that is automatically encrypted.
From a security point of view, it is recommended to make a clear distinction between a trust store and a key store:
- A trust store only contains public certificates making it ideal to share with other people.
- A key store contains private keys, which must be kept private.
Both stores must be of the same protocol and format.
The key store is also used as the trust store if no trust store has been defined.
Within each security store tab the following actions can be performed: - Create a new empty store (JKS/PKCS12) - Import a certificate to an existing store - Generate a self signed certificate - Change the password of an existing store - Upload a security store file, a complete key or trust store - Download an existing store - Export the store to TB - Import an existing store from TB_HOME - Delete an existing store
New Security Store
This will provide an empty, password protected, security store to import certificates into. Click the new security store button
Complete the form and click the Create Security Store button.
|Store Password||Password to be used to access the new store.||yes|
|Store Type||Select from JKS or PKCS12, JKS is recommended.||yes|
This will allow to upload a certificate, from the local computer, into the current security store.
Complete the form and click the Upload Certificate button.
|Certificate Alias||Alias to assign to the certificate when it is in the store.||yes|
|Store File||The certificate file to upload from this computer.||yes|
Generate Self Signed Certificate
This allows for the creation of a self signed certificate from a generated private and public key pair.
To generate the certificate the password for the security store is needed. Click the Generate Self Signed button and complete the presented form.
|Security Store Password||The current password for this security store.||yes|
|Certificate Alias||The alias to be given to the newly created self signed certificate.||yes|
|Issuer DN||The issuer DN to be given to the newly created self signed certificate.||yes|
|Subject DN||The subject DN to be given to the newly created self signed certificate.||yes|
Once the form is complete click the Generate Self Signed button. A self signed certificate will then be created in the current security store which can be inspected in the same manner as any other certificate listed in the store.
Enables the password of the current security store to be changed to a new password. The current password must be known before the change can be made.
Complete the form and click the Change Password button.
|Current Password||The current password for this security store.||yes|
|New Password||The new password to be used for this security store.||yes|
|Confirm New Password||Re-type the new password to be used for this security store.||yes|
Upload Security Store
Here a complete security store can be uploaded. All certificates in the store will be parsed and readable in the list. This can be used if a client already has a security store that they would like to be used within the context of Trustbuilder.
Complete the form and click the Upload Store File button.
|Store File||Security store file selected from this computer.||yes|
|Store Password||The password that is used by the security store to be uploaded.||yes|
Download Security Store
Download the current security store to the local computer for use outside of the context of TBA. Click the download button and save the file to the computer.
Export Security Store
Export the current security store to the related TB servers. This only exports the store file it does not export the config.xml file.
Import Security Store
Import the security store from a single TB server. Click the import button and then select which TB server to import from. This will import just the security store file not the config.xml.
Delete Security Store
This will delete the current security store file and remove the reference from the config.xml file.
After a security store is uploaded or certificates added to a new security store they are listed on the screen, one row for one certificate. The following details are displayed for each certificate: - Alias - Valid date and time - Subject - Issuer
The details of each certificate can be displayed by clicking the relevant Details button found in the certificate row. The following details are displayed:
- Certificate version
- Serial Number
- Serial Number Hex
- Valid From date and time
- Valid To date and time
- Signature Algorithm
- Finger Print SHA1
- Finger Print MD5
- Authority Key Identifier
- Key Usage
- Basic Constraints
- CRL Distribution Points
- Certificate Policies
- Subject Key Identifier
Each certificate can also be read as a certificate string for copy and pasting into an adapter configuration for instance. The string is displayed by clicking the PEM button found in the certificate row. Click the text to select it.