Create a keystore configuration for a preexisting keystore file
Overview
An SSL configuration references keystore configurations during security processing. If another keystone tool is used to create a keystore file, or the keystone file was saved from a previous configuration, create a new keystone configuration object that references the preexisting keystone file. The server then uses this new keystone configuration object to obtain information from the preexisting keystone file. A keystore must already exist.
Alternative method: use the createKeyStore command of the AdminTask object.
Create a keystore configuration for a preexisting keystore file
Complete the following steps in the console:
- Click...
Security | SSL certificate and key management | Manage endpoint security configurations | {Inbound | Outbound} | Related Items | Key stores and certificates | New
- Type a name in the Name field. This name
- Type the location of the keystore file in the Path field.
The location can be a file name or a file URL to an existing keystore file.
- Type the keystore password in the Password field.
This password is for the keystore file that specified in the Path field.
- Type the keystore password again in the Confirm Password field to confirm the password.
- Select a keystore type from the list. The type selected is for the keystore file that specified in the Path field.
- Select any of the following optional selections:
- The Read only selection creates a keystore configuration object but does not create a keystore file.
If this option is selected, the keystore file that specified in the Path field must already exist.
- The Initialize at startup selection initializes the keystore during runtime.
- The Enable cryptographic operations on a hardware device specifies whether a hardware cryptographic device is used for cryptographic operations only.
Operations that require login are not supported when using this option.
- Click Apply and Save.
Results
You have created a keystore configuration object for the keystore file that specified. This keystore can now be used in an SSL configuration.
Related concepts
Configure a hardware cryptographic keystoreManage keystore configurations remotely Keystores and certificates collection Key store settings Key managers collection Key managers settings
Keystore configurations for SSL SSL configurations
Keystores and certificates exchange signers KeyStoreCommands command group for the AdminTask object