Certificate Management
With the Certificate management tab, you can administer your trusted certificates as well as your server certificates. You can manage your truststore with this application.
To be clear on the difference between these two types of certificates:
- Trusted Certificates are X.509 certificates that are issued by servers and are to be trusted by ConnectPlaza. These (often self-signed) certificates must be trusted in order to connect to these external SSL websites. For example, you need to trust a self-signed certificate from an HTTPS-based website that you wish to call using the HTTP gateway in ConnectPlaza.
- Server Certificates are X.509 certificates that are requested by organizations and issued by a Certificate Authority to be used as a server-side certificate. You can use these certificates when you wish to expose an SSL-secured endpoint using the HTTP listener or Webservice listener in ConnectPlaza.
For more information about SSL handling, check the following link: SSL - Handling
In the Trusted Certificates tab you can upload trusted certificates to or delete trusted certificates from the ConnectPlaza truststore. In the Server Certificates tab you can upload server certificates to or delete server certificates from the ConnectPlaza keystore.
As of version 3.4.0, indicators show whether a certificate has expired or will expire within two weeks. See the legend below:
Trusted Certificates
Field | Description |
Alias | Alias name of your certificate. This name will be used in your applications. |
Common name | Common name of the certificate. |
Valid until | Expiration date of the certificate. |
Remove button. Click this button to remove the certificate. |
When a certificate is about to expire or has expired, its row changes color according to the legend: expired certificates are displayed in red, and certificates that are about to expire are displayed in orange.
Adding a trusted certificate
Add a certificate to your truststore by clicking on the button at the top right of the screen.
Please note that the certificate is required to have the .crt extension (e.g. .pem is not accepted).
Drag your certificate to this screen or click in the middle of the screen to open a File Upload screen, like this:
The file will be uploaded to the truststore. After you have uploaded all the certificates you need, restart your ConnectAgent by pressing the Restart agent button, in order to activate the new truststore.
Removing a certificate
If you want to remove a certificate, select the button at the end of the row of the certificate you want to remove from the truststore. You will be asked if you are sure you want to remove the certificate permanently.
Select Remove to remove the certificate. You have to restart your ConnectAgent by pressing the Restart agent button, in order to activate the new truststore.
Server Certificates
Alias | Alias of the certificate. |
Common name | Common name of the certificate. |
Organization | The organization the certificate is issued to. |
Location | Location of the organization. |
Valid until | Expiration date of the certificate. |
Remove button. Click this button to remove the certificate. |
When a certificate is about to expire or has expired, its row changes color according to the legend: expired certificates are displayed in red, and certificates that are about to expire are displayed in orange.
Adding a server certificate
Add a server certificate to your keystore by clicking on the button at the top right of the screen.
To upload a server certificate, you must deliver an X.509 key pair in a secure fashion. For this reason, the server certificate must be delivered as a PKCS#12 keystore in either .pfx or .p12 format. The keystore itself and the key pairs should be protected with passwords of ten or more characters (shorter passwords may result in a "java.security.InvalidKeyException: pad block corrupted"). Within this keystore, place the desired server certificate (as a key pair) and protect it with passwords.
The store password is always:
- Store password: opdion01
Graphically this looks like this:
Definitions:
Item | Description |
Source keystore password | Provide the password to unlock the uploaded PKCS#12 keystore. This is the original password of the keystore. |
Source key alias | Provide the alias of the keypair inside the original PKCS#12 keystore. If you use Keystore Explorer, it is the Entry Name of the certificate. If you update a certificate, it is possible to rename this alias inside the PFX file with Keystore Explorer. Use the same alias as previously used. You can use the same alias name as used in Deploy. |
Source key password | Provide the password of the original keypair inside the PKCS#12 keystore. |
Target key alias | Provide an alias under which to store the keypair into the ConnectPlaza Keystore. By default the alias from the provided PKCS#12 store will be used. You can change this into something which suits your needs. |
Do not drag any file into the dropzone before inserting the Alias and Store password of the PKCS#12 file.
Drag the .pfx or .p12 into the dropzone in this screen or click in the middle of the screen to open a File Upload screen like this:
The keypair will be uploaded and imported to the ConnectPlaza keystore. After you have uploaded all the server certificates you need, restart your ConnectAgent by pressing the Restart agent button, in order to activate the new keystore.
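As an added example (not part of the ConnectPlaza documentation or product), the shell functions below prepare and check a PKCS#12 keystore with openssl before upload: they enforce the ten-character password minimum, read back the alias to enter as the source key alias, and classify expiry with the same two-week window as the legend. It assumes openssl is installed; the function names, alias, password and certificate subject are constructed for illustration.

```shell
# Added example: pre-upload checks for a PKCS#12 server certificate (sample values are constructed).
MIN_PW_LEN=10        # the page asks for passwords of ten or more characters
TWO_WEEKS=1209600    # 14 days in seconds: the "about to expire" window

# Package a PEM key and certificate into a PKCS#12 keystore under an alias.
# openssl applies the one password to both the keystore and the key entry.
make_p12() {  # make_p12 <key.pem> <cert.pem> <alias> <password> <out.p12>
    if [ "${#4}" -lt "$MIN_PW_LEN" ]; then
        echo "password is shorter than $MIN_PW_LEN characters" >&2
        return 1
    fi
    # Pass the password through the environment, not the command line.
    P12_PW="$4" openssl pkcs12 -export -inkey "$1" -in "$2" -name "$3" \
        -passout env:P12_PW -out "$5"
}

# Print the alias (friendlyName) to enter as "Source key alias".
p12_alias() {  # p12_alias <file.p12> <password>
    P12_PW="$2" openssl pkcs12 -in "$1" -passin env:P12_PW -nokeys 2>/dev/null |
        sed -n 's/^ *friendlyName: //p' | head -n 1
}

# Classify the certificate the way the legend does: expired, expiring, valid.
p12_status() {  # p12_status <file.p12> <password>
    cert=$(P12_PW="$2" openssl pkcs12 -in "$1" -passin env:P12_PW \
        -nokeys -clcerts 2>/dev/null) || return 2
    if ! printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null; then
        echo expired
    elif ! printf '%s\n' "$cert" | openssl x509 -noout -checkend "$TWO_WEEKS" >/dev/null; then
        echo expiring
    else
        echo valid
    fi
}

# Constructed sample: a self-signed certificate valid for <days> days.
sample_run() {  # sample_run <days> <alias> <password>
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" \
        -subj "/CN=api.example.test/O=Example Org/L=Example City" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    make_p12 "$dir/key.pem" "$dir/cert.pem" "$2" "$3" "$dir/server.p12" &&
        echo "$(p12_alias "$dir/server.p12" "$3") $(p12_status "$dir/server.p12" "$3")"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

sample_run 365 api-example 'Constructed-Pw-01'
```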
Removing a server certificate
If you want to remove a certificate, select the button at the end of the row of the certificate you want to remove from the keystore. You will be asked if you are sure you want to remove the certificate permanently.
Select Remove to remove the server certificate. You have to restart your ConnectAgent by pressing the Restart agent button, in order to activate the new keystore.