Applies to:
Venafi Trust Protection Platform 16.2 and up
With Venafi Trust Protection Platform (TPP) we can automate the management of Java Keystores. This article covers the JKS Application provisioning driver configuration.
The Java Keystore (JKS) is a library that can be integrated with the JKS-integrated server platforms such as:
With Venafi Trust Protection Platform we can automate the management of Java Keystores for any application that utilizes a JKS keystore, if one of the supported provisioning methods is available.
JKS Provisioning prerequisites:
Supported provisioning methods:
- Agentless (SSH / SFTP)
- Agent based
Provisioning a JKS keystore does not require keytool on the target system. For detailed prerequisites, please see the product documentation.
JKS Application Settings:
Please see the following article covering the creation of Device objects and the generic application object settings: Info: Creating An Application Object
The following covers the Java Keystore settings on the JKS Application object.
Full path name of the Java keytool utility. If left empty, Venafi will generate the JKS keystore.
Version of the Java Keytool utility you are using to manage keystores.
Trust Protection Platform supports the following versions of the Java Keytool utility:
- Java 1.4
- Java 1.5
- Java 1.6
- Java 1.7
Type of store managed via the current JKS Application object. The store type determines the key file format. You must select the keystore type supported by the platforms and applications that consume the keystore’s certificates. Available types:
Key Store Path:
A full path includes the path and the filename. For example: /opt/pki/keystore.jks
Key Store Credential:
Password used to access the keystore.
Private Key Credential:
The credential required to access the private key file for certificate renewal.
Creates a new keystore file, if one does not already exist.
Deletes the existing keystore and creates a new one.
Reuses the alias that is assigned to the key/certificate in the keystore when the certificate is renewed. This option keeps the existing certificate available during the renewal process and simplifies management of the applications that use the key/certificate referenced by the alias.
Algorithm used to generate the key for the current certificate. (RSA)
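A post-provisioning check that ties the store type, Key Store Path and Key Store Credential settings together, as an added example (not Venafi code): it reads a keystore file's header and verifies its integrity hash with the store password. The function names, the `changeit` password and the empty sample keystore are constructed for illustration; the format details are those of the JDK's JKS/JCEKS implementation.

```python
import hashlib
import hmac
import struct

# Header magic of the two Sun keystore formats (values from the JDK sources).
MAGIC = {0xFEEDFEED: "JKS", 0xCECECECE: "JCEKS"}
SALT = b"Mighty Aphrodite"  # fixed string the JDK mixes into the integrity hash


def integrity_digest(store_password: str, body: bytes) -> bytes:
    # SHA-1(password as UTF-16BE || SALT || everything before the trailer).
    return hashlib.sha1(store_password.encode("utf-16-be") + SALT + body).digest()


def inspect_keystore(data: bytes, store_password: str) -> dict:
    """Report store type, version, entry count and integrity-hash status."""
    if len(data) < 12 + 20:
        raise ValueError("file too short to be a JKS/JCEKS keystore")
    magic, version, count = struct.unpack(">III", data[:12])
    if magic not in MAGIC:
        raise ValueError("magic 0x%08X is not JKS/JCEKS" % magic)
    body, stored = data[:-20], data[-20:]
    # False means a wrong store password or a modified/truncated file.
    ok = hmac.compare_digest(integrity_digest(store_password, body), stored)
    return {"store_type": MAGIC[magic], "version": version,
            "entries": count, "integrity_ok": ok}


def build_empty_jks(store_password: str) -> bytes:
    # Constructed sample input: a version-2 JKS holding zero entries.
    body = struct.pack(">III", 0xFEEDFEED, 2, 0)
    return body + integrity_digest(store_password, body)


if __name__ == "__main__":
    sample = build_empty_jks("changeit")  # constructed password
    print(inspect_keystore(sample, "changeit"))
    print(inspect_keystore(sample, "wrong-password")["integrity_ok"])
    # On a real host: inspect_keystore(open(path, "rb").read(), password)
```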
Video of configuring JKS Application driver here:
(This is from Trust Protection Platform 16.x and there have been significant improvements made in newer versions. You can find current JKS documentation here: https://docs.venafi.com/Docs/current/TopNav/Content/Drivers/r-JKS-AppObjSettings-tpp.php?Highlight=JKS)