Network Deployment (Distributed operating systems), v8.0 > Reference > Sets

Keystores and certificates collection

Overview

To manage keystore types, including cryptography, Resource Access Control Facility (RACF) , Certificate Management Services (CMS), Java, and all trust store types...

Security | SSL certificate and key management | Configuration settings | Manage endpoint security configurations | {Inbound | Outbound} | ssl_configuration | Related items | Keystores and certificates

In most cases, having unused and expired signer certificates in a trust store does not cause problems. However, if you experience a problem because the trust store includes an unused or expired signer certificate, you can safely delete the following expired signer certificates from the dummy keystores files:

• DummyClientKeyFile.jks
• DummyClientTrustFile.jks
• DummyServerKeyFile.jks
• DummyServerTrustFile.jks

Keystores and certificates buttons

Button	Resulting action
New	Add a new keystore object that can be referenced by SSL configurations or KeySets. The Keystore management scope is based on the part of the topology tree from which it was created.
Delete	Delete an existing keystore. The keystore should not be referenced by any other parts of the configuration before you delete it.
Change password	Allows for changing a keystore password.
Exchange signers	We can select two keystores, along with personal certificates or signer certificates from a selected keystore, then add them as a signer to another selected keystore.

Keystore usages

Filters the keystore usage types in the keystore collection.

The default value for the keystore usage filter depends on the navigation path that you followed to get to the Keystores and certificates panel. We can change the value of the keystore usage filter by clicking on the drop-down list and selecting a different filter value.

Navigation path	Keystore usage default value
Security > SSL certificate and key management > Keystores and certificates	SSL keystores
Security > SSL certificate and key management > Key sets > CellLTPAKeyPair > Keystores and certificates	Key set keystores
Security > SSL certificate and key management > SSL configurations > CellDefaultSSLSettings > Keystores and certificates	SSL keystores
Security > SSL certificate and key management > Manage endpoint security configurations > node name > Keystores and certificates	SSL keystores

Name

Unique name used to identify the keystore. This name is typically scoped by the ManagementScope scopeName and based upon the location of the keystore. The name must be unique within the existing keystore collection.

This is a user-defined name.

Description

Description of the keystore.

This is a user-defined description.

Path

Location of the keystore file in the format needed by the keystore type. This file can be a card-specific configuration file for cryptographic devices or a filename or file URL for file-based keystores. It can be a safkeyring URL for RACF keyrings. Create an SSL configuration
Key store settings
Keystores and certificates exchange signers

+

Search Tips   |   Advanced Search