
How To: Configure provisioning using the JKS Application driver

Applies to:

Venafi Trust Protection Platform 16.2 and up

 

Summary:

With Venafi Trust Protection Platform (TPP) we can automate the management of Java Keystores. This article covers the JKS Application provisioning driver configuration.

 

Info:

The Java Keystore (JKS) is a library that can be integrated with JKS-integrated server platforms such as:

  • JBoss
  • Tomcat
  • WebLogic
  • GlassFish
  • Jetty

With Venafi Trust Protection Platform we can automate the management of Java Keystores for any application that uses a JKS keystore, provided one of the supported provisioning methods is available.

 

JKS Provisioning prerequisites:

Supported provisioning methods:

  1. Agentless (SSH / SFTP)
  2. Agent based

Provisioning a JKS keystore does not require keytool on the target system. For detailed prerequisites, please see the product documentation.

 

JKS Application Settings:

For the creation of Device objects and the generic application object settings, please see the following article: Info: Creating An Application Object

 

The following covers the Java Keystore settings on the JKS Application object.

Keytool Path:
Full path name of the Java keytool utility. If left empty, Venafi will generate the JKS keystore.

Version:
Version of the Java Keytool utility you are using to manage keystores.
Trust Protection Platform supports the following versions of the Java Keytool utility:

  • Java 1.4
  • Java 1.5
  • Java 1.6
  • Java 1.7

Store Type:
Type of store managed via the current JKS Application object. The store type determines the key file format. You must select the keystore type supported by the platforms and applications that consume the keystore’s certificates. Available types:

  • JCEKS
  • JKS

Key Store Path:
A full path includes the path and the filename. For example: /opt/pki/keystore.jks

Key Store Credential:
Password used to access the keystore.

Private Key Credential:
The credential required to access the private key file for certificate renewal.

Create:
Creates a new keystore file, if one does not already exist.

Replace Existing:
Deletes the existing keystore and creates a new one.

Certificate Alias:
Reuses the alias that is assigned to the key/certificate in the keystore when the certificate is renewed. This option keeps the existing certificate available during the renewal process and simplifies management of the applications that use the key/certificate referenced by the alias.

Key Algorithm:
Algorithm used to generate the key for the current certificate. (RSA)
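
Because provisioning does not require keytool on the target, the following added example (not Venafi code and not part of the original article) checks a provisioned file against the Store Type, Certificate Alias and Key Store Credential settings in pure Python. It assumes the keystore layout used by OpenJDK's JKS and JCEKS providers; the function names are hypothetical, aliases are assumed to be plain UTF-8, and JCEKS secret-key entries are rejected rather than parsed.

```python
import hashlib
import struct

MAGIC = {0xFEEDFEED: "JKS", 0xCECECECE: "JCEKS"}
KINDS = {1: "PrivateKeyEntry", 2: "trustedCertEntry"}

def keyed_digest(password, body):
    """SHA-1 over UTF-16BE password + fixed phrase + keystore body."""
    return hashlib.sha1(password.encode("utf-16-be") + b"Mighty Aphrodite" + body).digest()

def inspect_keystore(data, password):
    """Return (store_type, [(alias, kind), ...], integrity_ok) without keytool."""
    pos, end = 0, len(data) - 20          # trailing 20 bytes hold the digest
    def take(n):
        nonlocal pos
        if pos + n > end:
            raise ValueError("truncated keystore")
        pos += n
        return data[pos - n:pos]
    def u32():
        return struct.unpack(">I", take(4))[0]
    def utf():                             # Java writeUTF: u16 length + bytes
        return take(struct.unpack(">H", take(2))[0]).decode("utf-8")
    def skip_cert():
        if version == 2:
            utf()                          # certificate type, e.g. "X.509"
        take(u32())
    magic, version, count = u32(), u32(), u32()
    if magic not in MAGIC:
        raise ValueError("not a JKS/JCEKS keystore")
    entries = []
    for _ in range(count):
        tag, alias = u32(), utf()
        take(8)                            # creation timestamp
        if tag not in KINDS:
            raise ValueError(f"unsupported entry tag {tag}")
        if tag == 1:
            take(u32())                    # encrypted private key blob
        for _ in range(u32() if tag == 1 else 1):
            skip_cert()
        entries.append((alias, KINDS[tag]))
    return MAGIC[magic], entries, pos == end and keyed_digest(password, data[:end]) == data[end:]

def sample_keystore(password):
    """Constructed sample: one trustedCertEntry 'tpp-demo' holding placeholder bytes."""
    utf = lambda s: struct.pack(">H", len(s)) + s
    body = (struct.pack(">IIII", 0xFEEDFEED, 2, 1, 2) + utf(b"tpp-demo") + bytes(8)
            + utf(b"X.509") + struct.pack(">I", 4) + b"\x30\x02\x05\x00")
    return body + keyed_digest(password, body)
```

A store type that differs from the one selected on the application object, a missing alias, or a failed integrity result each indicate that the file on disk does not match the configured settings.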

 

Video of configuring JKS Application driver here:

(This is from Trust Protection Platform 16.x and there have been significant improvements made in newer versions. You can find current JKS documentation here: https://docs.venafi.com/Docs/current/TopNav/Content/Drivers/r-JKS-AppObjSettings-tpp.php?Highlight=JKS)

 

 
