
Key store settings

Use this page to create all keystore types, including cryptographic, Resource Access Control Facility (RACF), Certificate Management Services (CMS), Java, and all truststore types.

To view this console page, click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound SSL_configuration_name}. Under Related Items, click Key stores and certificates. Click either New or an existing keystore.

Links to Personal certificates, Signer certificates, and Personal certificate requests enable you to manage certificates in a manner similar to iKeyman capabilities. A keystore can be file-based, such as CMS or Java keystore types, or it can be remotely managed.

Any changes made to this panel are permanent.

Configuration tab

Name

Unique name to identify the keystore. The keystore is typically scoped by the ManagementScope scopeName based on the location of the keystore. The name must be unique within the existing keystore collection.

Data type: Text

Path

Location of the keystore file in the format needed by the keystore type. This file can be a dynamic link library (DLL) for cryptographic devices or a filename or file URL for file-based keystores. It can be a safkeyring URL for RACF keyrings.

Data type: Text

Enable cryptographic operations on hardware device

Specify whether a hardware cryptographic device is used for cryptographic operations only. Operations that require a login are not supported when using this option.

Default: Disabled

Password [new keystore] | Change password [existing keystore]

Password used to protect the keystore. For the default keystores (names ending in DefaultKeyStore or DefaultTrustStore), the password is the cell name. This default password must be changed. This field can be edited.

Data type: Text

Confirm password

Specify confirmation of the password to open the keystore file or device.

Data type: Text

Type

Specify the implementation for keystore management. This value defines the tool that operates on this keystore type. The list of options is returned by java.security.Security.getAlgorithms("KeyStore"). Some options might be filtered and some might be added based on the java.security configuration.

Data type: Text
Default: PKCS12
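
An audit check for the Password and Type settings above, as an added example that is not IBM's code: it lists the keystore types the JRE reports and tests whether a keystore file still opens with the default password described on this page. The class name, the cell name `SampleCell01` and the temporary PKCS12 file are constructed for illustration.

```java
import java.io.*;
import java.nio.file.*;
import java.security.*;
import java.util.TreeSet;

public class DefaultKeystorePasswordCheck {

    /** Returns true if the keystore opens (integrity check passes) with the candidate password. */
    static boolean opensWith(Path file, String type, char[] candidate)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, candidate);
            return true;
        } catch (IOException e) {
            // KeyStore.load signals a wrong password as an IOException
            // whose cause is UnrecoverableKeyException.
            if (e.getCause() instanceof UnrecoverableKeyException) return false;
            throw e; // unreadable or corrupt file: surface it, do not report "safe"
        }
    }

    /** Writes an empty PKCS12 keystore protected by the given password (sample data only). */
    static void store(Path file, char[] password) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        try (OutputStream out = Files.newOutputStream(file)) {
            ks.store(out, password);
        }
    }

    static void report(Path file, String cellName) throws GeneralSecurityException, IOException {
        boolean weak = opensWith(file, "PKCS12", cellName.toCharArray());
        System.out.println(file.getFileName() + ": "
                + (weak ? "opens with the cell name, change the password" : "default password rejected"));
    }

    public static void main(String[] args) throws Exception {
        // Keystore types available to this JRE, from the call the Type field description names.
        System.out.println("Types: " + new TreeSet<>(Security.getAlgorithms("KeyStore")));
        String cellName = "SampleCell01"; // constructed value, not a real cell name
        Path file = Files.createTempFile("NodeDefaultKeyStore", ".p12"); // constructed sample file
        try {
            store(file, cellName.toCharArray());
            report(file, cellName); // flagged: still protected by the default password
            store(file, "rotated-example-passphrase".toCharArray());
            report(file, cellName); // passes: the cell name no longer opens it
        } finally {
            Files.deleteIfExists(file);
        }
    }
}
```

To check a real keystore, call `opensWith` with the file's path, its configured Type and the cell name; a `true` result means the default password was never changed.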

Read only

Specify whether the keystore can be written to or not. If the keystore cannot be written to, certain operations cannot be performed, such as creating or importing certificates.

Default: Disabled

Initialize at startup

Specify whether the keystore needs to be initialized before it can be used for cryptographic operations. If enabled, the keystore is initialized at server startup.

Default: Disabled

Related tasks

Creating a Secure Sockets Layer configuration

Related Reference

Key stores and certificates collection