Keystores

In Solution Manager, under Security, you will find the administration tool for key and certificate storage. Each keystore is a PFX file stored in a table as a BLOB. It is encrypted with a long generated password, so it remains protected even if someone gets their hands on the database or the database files. However, if you import a plain certificate, it is simply inserted as a .cer file without encryption. This lets the keystore hold public keys in a simple manner.

The form is a simple grid view showing the stored keys and certificates.

Adding a Private Key/Certificate

From the context menu, it is possible to add new keys and certificates to the store.

 

Choose whether you want to import a key for a specific user ("Import User Certificate") or a key/certificate that only specifies a Keystore Id. The difference matters when the framework uses the keys, for instance when signing documents. User-specific keys can only be extracted and used for signing by the actual authenticated user, while keys specified by a plain Keystore Id can be used by anyone allowed to run the functionality that triggers the signing process.

When importing a key, specify which user it applies to (or specify the Keystore Id if it is of keystore type) and browse for the .pfx or .key file.

If the file is password protected, you have to provide the password. This password is only used when unpacking the key. Once the key is stored in the database, a new PFX file is created with a different generated password.

For demo and testing purposes, you can check the "Generate Self-Signed Certificate" option and a keystore will be generated for you.

If you import a .cer file, it will simply be added without a pfx file. No password is needed to either import or use the certificate.
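The import behaviour described above, sketched as an added example (not the product's own code): a PFX is unpacked with the supplied password and re-packed under a freshly generated one, while a plain certificate is stored unencrypted. It assumes the Python `cryptography` package; all function names and the 64-character password length are hypothetical, and the sample key and certificate are constructed for the demonstration.

```python
import datetime, secrets
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID

def make_sample(import_password: bytes):
    """Constructed input: self-signed cert + key as (password-protected PFX, PEM .cer)."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "keystore-demo")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=30))
            .sign(key, hashes.SHA256()))
    pfx = pkcs12.serialize_key_and_certificates(
        b"keystore-demo", key, cert, None,
        serialization.BestAvailableEncryption(import_password))
    return pfx, cert.public_bytes(serialization.Encoding.PEM)

def import_pfx(pfx: bytes, import_password: bytes):
    """Unpack with the supplied password, then re-pack under a fresh generated one."""
    key, cert, chain = pkcs12.load_key_and_certificates(pfx, import_password)
    if key is None or cert is None:
        raise ValueError("file holds no private key + certificate pair")
    store_password = secrets.token_urlsafe(48).encode()  # 64 characters (assumed length)
    blob = pkcs12.serialize_key_and_certificates(
        None, key, cert, chain or None,
        serialization.BestAvailableEncryption(store_password))
    return blob, store_password  # the import password is not kept

def import_cer(data: bytes) -> bytes:
    """A plain certificate has no private key: store it as unencrypted DER."""
    if data.lstrip().startswith(b"-----BEGIN"):
        cert = x509.load_pem_x509_certificate(data)
    else:
        cert = x509.load_der_x509_certificate(data)
    return cert.public_bytes(serialization.Encoding.DER)

def can_open(pfx: bytes, password: bytes) -> bool:
    """True if the PFX decrypts with this password."""
    try:
        pkcs12.load_key_and_certificates(pfx, password)
        return True
    except ValueError:
        return False
```

After `import_pfx`, the stored blob no longer opens with the password the user typed at import time, only with the generated one.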

Updating a Private Key/Certificate

It is possible to update a keystore. You can change the description or import a new file. From the context menu, select "Update Keystore...". This can only be performed on one keystore at a time.