17.7 Managing Certificates in a Keystore

The Keystore Details page allows you to view associated cluster member keystores and to replace certificates associated with the keystore.

Not all keystores are associated with a cluster configuration. Those that are (for example, the Signing and Encryption keystores) display the following information:

Column                    Description

Keystore Name             The name of the keystore.

Type                      The type of keystore, such as Java or PKCS12.

Device or Cluster Name    The name of the device or of the cluster that is using the keystore.

Some keystores require a single certificate, so you can only replace the certificate. Other keystores can contain multiple certificates. In this type of keystore, you can add and remove certificates.

To view a keystore:

  1. Click Security > Certificates.

  2. Click the down-arrow in the Devices column, then select a keystore.

  3. Alternatively, Identity Server keystores can be accessed from Identity Server Cluster > Edit > General > Security.

  4. View the details of the keystore, the device associated with the keystore, and the certificates in the keystore.

  5. Add, Remove, and Replace options are available based on the type of keystore. They can be used for managing the certificates in the keystore.

  6. To remove a certificate:

    1. Select the certificate, then click Remove.

      NOTE:

      • You cannot remove the default certificates or the certificates that are in use.

      • This option is available only for keystores that support multiple certificates.

  7. To add or replace a certificate:

    1. Click Add or Replace.

    2. Specify the following details:

      Certificate: Specifies the certificate you want to add. You can browse to locate the certificate. When you browse, the system displays the Select Certificate page. Select the certificate, then click OK.

      Alias(es): Specifies the certificate alias. This name is displayed among the list of certificates assigned to the keystore. By default, the certificate name is the alias name. You can change the name of the alias.

      Overwrite keys with the same alias: Enable this option if you want to overwrite the existing certificate with the given alias name.

      NOTE:

      • Add and Remove options are available only for Encryption and Signing certificates.

      • The Replace option allows you to only replace the default certificates.

    3. Click OK.

  8. Click Close.