Key and Trust Store Tab

Overview

The Key Store and Trust Store tabs of the configuration are used to store any certificates that may be called by adapters or from scripts.

Two stores can be configured: a key store and a trust store. Both are secured by a password that is automatically encrypted.

From a security point of view, it is recommended to make a clear distinction between a trust store and a key store:

  • A trust store contains only public certificates, making it ideal to share with other people.
  • A key store contains private keys, which must be kept private.

Both stores must be of the same protocol and format.

The key store is also used as the trust store if no trust store has been defined.
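
An added example, not TrustBuilder code: a standard-library Python check that lists the entries of a JKS file by type and verifies its password-keyed integrity digest, so a file meant to be shared as a trust store can be confirmed to hold no private keys. It reads only the JKS layout (not PKCS12); `audit_jks` and `build_sample` are hypothetical names, and the sample store is constructed with placeholder bytes.

```python
import hashlib, hmac, struct
MAGIC, PRIVATE_KEY, TRUSTED_CERT = 0xFEEDFEED, 1, 2

def _digest(password, body):
    # JKS integrity value: SHA-1 over UTF-16BE password, a fixed string, then the store body
    return hashlib.sha1(password.encode("utf-16-be") + b"Mighty Aphrodite" + body).digest()

def audit_jks(data, password):
    """Return (integrity_ok, [(alias, kind), ...]) for the bytes of a JKS file."""
    body, stored, pos = data[:-20], data[-20:], 0
    def take(n):
        nonlocal pos
        chunk = body[pos:pos + n]
        if len(chunk) != n:
            raise ValueError("truncated store")
        pos += n
        return chunk
    u32 = lambda: struct.unpack(">I", take(4))[0]
    def utf():  # 2-byte length + bytes (Java modified UTF-8; same as UTF-8 for ASCII)
        return take(struct.unpack(">H", take(2))[0]).decode("utf-8")
    def skip_cert():
        if version == 2:
            utf()          # certificate type string, e.g. "X.509"
        take(u32())        # encoded certificate
    if u32() != MAGIC:
        raise ValueError("not a JKS store")
    version, entries = u32(), []
    for _ in range(u32()):
        tag, alias = u32(), utf()
        take(8)            # creation timestamp
        if tag not in (PRIVATE_KEY, TRUSTED_CERT):
            raise ValueError("unknown entry tag")
        if tag == PRIVATE_KEY:
            take(u32())    # password-protected private key
        for _ in range(u32() if tag == PRIVATE_KEY else 1):
            skip_cert()    # certificate chain, or the single trusted certificate
        entries.append((alias, "private key" if tag == PRIVATE_KEY else "trusted certificate"))
    return hmac.compare_digest(_digest(password, body), stored), entries

def build_sample(password, entries):
    # Constructed sample data: placeholder bytes stand in for real keys and certificates
    blob = lambda b: struct.pack(">I", len(b)) + b
    utf = lambda s: struct.pack(">H", len(s)) + s.encode()
    cert = utf("X.509") + blob(b"placeholder-cert")
    body = struct.pack(">III", MAGIC, 2, len(entries))
    for alias, tag in entries:
        body += struct.pack(">I", tag) + utf(alias) + struct.pack(">q", 0)
        body += blob(b"placeholder-key") + struct.pack(">I", 1) + cert if tag == PRIVATE_KEY else cert
    return body + _digest(password, body)
```

Any alias reported as `private key` in a file about to be shared as a trust store means the file is a key store and should not leave the server.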

Within each security store tab the following actions can be performed:

  • Create a new empty store (JKS/PKCS12)
  • Import a certificate to an existing store
  • Generate a self signed certificate
  • Change the password of an existing store
  • Upload a security store file, a complete key or trust store
  • Download an existing store
  • Export the store to TB
  • Import an existing store from TB_HOME
  • Delete an existing store

New Security Store

This provides an empty, password-protected security store to import certificates into. Click the New Security Store button.

Complete the form and click the Create Security Store button.

| Field | Description | Required |
|---|---|---|
| Store Password | Password to be used to access the new store. | yes |
| Store Type | Select from JKS or PKCS12, JKS is recommended. | yes |

Import Certificate

This uploads a certificate from the local computer into the current security store.

Complete the form and click the Upload Certificate button.

| Field | Description | Required |
|---|---|---|
| Certificate Alias | Alias to assign to the certificate when it is in the store. | yes |
| Store File | The certificate file to upload from this computer. | yes |

Generate Self Signed Certificate

This allows for the creation of a self signed certificate from a generated private and public key pair.

To generate the certificate the password for the security store is needed. Click the Generate Self Signed button and complete the presented form.

| Field | Description | Required |
|---|---|---|
| Security Store Password | The current password for this security store. | yes |
| Certificate Alias | The alias to be given to the newly created self signed certificate. | yes |
| Issuer DN | The issuer DN to be given to the newly created self signed certificate. | yes |
| Subject DN | The subject DN to be given to the newly created self signed certificate. | yes |

Once the form is complete click the Generate Self Signed button. A self signed certificate will then be created in the current security store which can be inspected in the same manner as any other certificate listed in the store.

Change Password

Enables the password of the current security store to be changed to a new password. The current password must be known before the change can be made.

Complete the form and click the Change Password button.

| Field | Description | Required |
|---|---|---|
| Current Password | The current password for this security store. | yes |
| New Password | The new password to be used for this security store. | yes |
| Confirm New Password | Re-type the new password to be used for this security store. | yes |

Upload Security Store

Here a complete security store can be uploaded. All certificates in the store will be parsed and readable in the list. This can be used if a client already has a security store that they would like to be used within the context of Trustbuilder.

Complete the form and click the Upload Store File button.

| Field | Description | Required |
|---|---|---|
| Store File | Security store file selected from this computer. | yes |
| Store Password | The password that is used by the security store to be uploaded. | yes |

Download Security Store

Download the current security store to the local computer for use outside of the context of TBA. Click the download button and save the file to the computer.

Export Security Store

Export the current security store to the related TB servers. This only exports the store file; it does not export the config.xml file.

Import Security Store

Import the security store from a single TB server. Click the import button and then select which TB server to import from. This imports just the security store file, not the config.xml file.

Delete Security Store

This will delete the current security store file and remove the reference from the config.xml file.

Certificate List

After a security store is uploaded, or certificates are added to a new security store, they are listed on the screen, one row per certificate. The following details are displayed for each certificate:

  • Alias
  • Valid date and time
  • Subject
  • Issuer

The details of each certificate can be displayed by clicking the relevant Details button found in the certificate row. The following details are displayed:

  • Certificate version
  • Subject
  • Issuer
  • Serial Number
  • Serial Number Hex
  • Valid From date and time
  • Valid To date and time
  • Signature Algorithm
  • Finger Print SHA1
  • Finger Print MD5
  • Authority Key Identifier
  • Key Usage
  • Basic Constraints
  • CRL Distribution Points
  • Certificate Policies
  • Subject Key Identifier

Each certificate can also be displayed as a certificate string, for instance to copy and paste into an adapter configuration. The string is displayed by clicking the PEM button found in the certificate row. Click the text to select it.
