Info:
Venafi Trust Protection Platform offers a provisioning driver for Java Keystore (JKS). This article covers the common use cases and application object settings.
More Info:
Java Keystore (JKS) is a library that integrates with server platforms such as:
- JBoss
- Tomcat
- WebLogic
- GlassFish
- Jetty
The supported provisioning methods are:
- Agentless (uses SSH and SFTP)
- Agent-based
In most cases the provisioning driver does not require keytool on the target system. Keytool is required only when the private key and CSR are generated on the target application.
JKS Application object settings:
Keytool Path:
Full path name of the Java keytool utility. If left empty, Venafi will generate the JKS keystore.
Version:
Version of the Java Keytool utility you are using to manage keystores.
Trust Protection Platform supports the following versions of the Java Keytool utility:
- Java 1.4
- Java 1.5
- Java 1.6
- Java 1.7
Store Type:
Type of store managed via the current JKS Application object.
The store type determines the key file format. You must select the keystore type supported by the platforms and applications that consume the keystore’s certificates. Available types:
- JCEKS
- JKS
Key Store Path:
A full path includes the path and the filename. For example: /opt/pki/keystore.jks
Key Store Credential:
Password used to access the keystore.
Private Key Credential:
The credential required to access the private key file for certificate renewal.
Create:
Creates a new keystore file, if one does not already exist.
Replace Existing:
Deletes the existing keystore and creates a new one.
Certificate Alias:
Reuses the alias that is assigned to the key/certificate in the keystore when the certificate is renewed. This option keeps the existing certificate available during the renewal process and simplifies management of the applications that use the key/certificate referenced by the alias.
Key Algorithm:
Algorithm used to generate the key for the current certificate. (RSA)
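To confirm on the target that a provisioned file matches the Store Type and Certificate Alias configured above, the file header and aliases can be read directly, since neither is encrypted and no keystore password is needed. This Python example is added here and is not Venafi code; `inspect_keystore` and the `SAMPLE` bytes are constructed for illustration, and it assumes the standard JKS/JCEKS on-disk layout.

```python
import struct

MAGIC = {0xFEEDFEED: "JKS", 0xCECECECE: "JCEKS"}   # first 4 bytes of the file
KINDS = {1: "private key", 2: "trusted certificate"}

def _take(buf, pos, n):
    if pos + n > len(buf):
        raise ValueError("truncated keystore")
    return buf[pos:pos + n], pos + n

def _num(buf, pos, fmt):
    raw, pos = _take(buf, pos, struct.calcsize(fmt))
    return struct.unpack(fmt, raw)[0], pos

def _blob(buf, pos, fmt):                  # length-prefixed field
    size, pos = _num(buf, pos, fmt)
    return _take(buf, pos, size)

def _cert(buf, pos, version):
    if version == 2:                       # v2 prefixes a type string ("X.509")
        _, pos = _blob(buf, pos, ">H")
    return _blob(buf, pos, ">I")[1]

def inspect_keystore(buf):
    """Return (store_type, [(alias, kind), ...]); no password is needed."""
    magic, pos = _num(buf, 0, ">I")
    if magic not in MAGIC:
        raise ValueError("not a JKS/JCEKS keystore")
    version, pos = _num(buf, pos, ">I")
    count, pos = _num(buf, pos, ">I")
    entries = []
    for _ in range(count):
        tag, pos = _num(buf, pos, ">I")
        if tag not in KINDS:               # e.g. JCEKS secret-key entries (tag 3)
            raise ValueError("unsupported entry tag %d" % tag)
        alias, pos = _blob(buf, pos, ">H")
        _, pos = _take(buf, pos, 8)        # creation time, ms since epoch
        chain = 1                          # a trusted-cert entry holds one cert
        if tag == 1:
            _, pos = _blob(buf, pos, ">I") # encrypted private key
            chain, pos = _num(buf, pos, ">I")
        for _ in range(chain):
            pos = _cert(buf, pos, version)
        entries.append((alias.decode("utf-8", "replace"), KINDS[tag]))
    return MAGIC[magic], entries

# Constructed sample: one private-key entry "tomcat"; key, cert, digest are filler.
SAMPLE = struct.pack(">IIIIH6s8xI4sIH5sI4s20x", 0xFEEDFEED, 2, 1, 1, 6,
                     b"tomcat", 4, b"KEY!", 1, 5, b"X.509", 4, b"CERT")
```

On a real host, pass the bytes of the file named in Key Store Path and compare the returned store type and aliases with the application object's settings.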