Keystore-Manager
With the help of the left menu and the selection Master data → Certificates you reach the administration area for private and public keys.
You can switch between the various keystore modules in the menu bar:
*CRYPT
The paths and access data for the keystore must be entered in the module configuration for the *CRYPT module. A keystore is supported as a .p12 file or as individual certificates in the file system.*OFTP2
The paths and access data for the keystore must be entered in the module configuration for the *OFTP2 module. A keystore is supported as a .p12 file.*HSM Truststore
The HSM truststore is displayed if the paths and access data for the HSM are entered in the module configuration for the *AS4 module.*HSM Keystore
The HSM keystore selection is displayed if the paths and access data for the HSM are entered in the module configuration for the *AS4 module. In addition, the HSM slot to be displayed must be entered in the AS4 sender master data for the corresponding sender. If both requirements are met, an HSM keystore can be selected.
All information of the individual certificates can be viewed. In addition, the certificates can be renamed, deleted, imported and exported in the formats DER, PEM, CER, CRT, P7B, P12, PUB or KEY.
Public and private keys in the formats PUB and KEY can only be imported into a *CRYPT keystore, which is located in the IFS.
Possible Activities on this page:
Filter
The filter settings can be filtered according to date and time, validity and the exhibitor organization.
Create certificate
This creates a new certificate. In addition to the exhibitor information, four selected extensions can also be added to the certificate.
Basic Constraint 2.5.29.19
Key Usage 2.5.29.15
Extendiingg Key Usage 2.5.29.37
Subject Alternative Name 2.5.29.17
Import certificate or keypair
Imports a certificate or keypair in the format .der / .pem / .cer / .crt / .cert / .p7b / .p12 / .pub / .key / .pub / .key
If a certificate of an incomplete certificate chain is uploaded, missing certificates will be pointed out.
In addition to the alias, a start time can be specified for certificates in the formats .der / .pem / .cer / .crt / .cert / .p7b / .p12, from which the certificate is used.
The same alias can be used multiple times if a different start time is selected.
Alias and start time can also be changed subsequently for already imported certificates that are listed in the table as CERT or PAIR.
Export certificates
Certificates of type "PAIR" can be exported as KeyPair or as certificate chain. Depending on the type selected, various parameters can be entered for the export.
Certificates of type "CERT" can be exported directly to a file of type "DER","PEM","CER","CERT" and "CRT".
Public and private keys can be exported directly into these formats.
Use of certificates
For each certificate, the table shows how often it is used in the master data.
In addition, the context menu can be used to display where it is used. Clicking on the usage opens the corresponding page with the form for the entry.
When certificates are deleted, their use in the master data is also checked and a warning is displayed if the certificate is still in use.
Only the certificate can then be deleted or the certificate can also be removed from all affected master data.
Start time of certificates
For each certificate, a start time can be defined from which the certificate is used. With this function, several certificates with the same alias name can exist in the keystore. The start time then determines the time from which one certificate replaces the other. The start time can also be subsequently adjusted via the context menu.
Renaming and deleting certificates
When renaming and deleting certificates, all usages in the master data are automatically updated to the new name or removed.
Refresh cache
If an *HSM Keystore or the *HSM Truststore is selected, the *HSM Keystore cache can be updated via an additional button in the menu bar. This process can take a few minutes, as soon as it is finished an info notification is displayed in the sidebar.