Skip to content

Stores used by MSS in MSSData/trustedcerts

The keystores in this location include the Management and Security Server certificate + private key, the client certificate + private key, and the imported certificates on the Trusted Certificates list for the terminal emulator client.

  • Keystore location: %ProgramData%/Micro Focus/MSS/MSSData/trustedcerts/

  • Password location: This keystore password is encrypted in the KeyChain (in MSSData/keychain.bcfks)

  • To change this password: Administrative Console > Configure Settings – General Security > Change keystore password

The keystores in MSSData/trustedcerts are described in the following table.

Stores used by MSS

  • for Reflection for the Web's shared private key
  • A client certificate is used to identify users connecting to the Security Proxy or an SSL/TLS host when either requires client authentication. If all users share the same client certificate, then the Administrative Server can automatically distribute it to Reflection for the Web clients when needed.
  • for the Management and Security Server certificate
  • signs the Security Proxy token
  • for client authentication to DCAS when using Automated Sign-on for Mainframe
  • for SAML authentication
  • for Reflection for the Web SSH
  • not used by MSS itself
  • for outbound HTTPS: Micro Focus Advanced Authentication and Automated Sign-on for Mainframe
  • used for LDAPS
  • trust store for Host Access for the Cloud and Reflection for the Web using SSL to host
  • not used by MSS itself
  • When settings are exported from the Security Proxy Wizard, certificates are added to this store.