keystore usage?

Could someone tell me the use of keystore?

A keystore is where you put your certificates with private keys. You use this if you are a server, and from the private key certificates in that store the server will generate the public key that it will deliver to its clients to enable an encrypted connection.

You also have a truststore, where you place the certificates that you as a client trust, or that you are required to have when connecting to an external server.

In terms of structure they are the same, but they are called by different Java classes: the keystore for the “work as server” management, the truststore for the “work as client” structure.

Good precise notes :)

Hi Luis Mesquita, thank you so much for the explanation. As per your statement, certificates with private keys will be stored in the keystore.

For a case, I have a client ‘ONLINE’. They shared the private keys. So I have to insert the private certificate into the keystore and generate a server certificate with the help of that particular keystore in order to communicate. Is that right?

Hi Lance,

Yes, that will be the case. Actually you can even store them in both the keystore and the truststore, but it is bad practice.

I’m a bit confused: if an outside entity has shared their private keys, they could be compromising their system. If you mean that you have been provided with a private key to enable SSH connections to the IS from outside, place it in a keystore with the Java keytool, then import it into the IS.

You should be able to see it in the IS. The next step is to enable an HTTPS port in the IS that will use that private key to establish the SSH connection.

By the way, if this is a reverse invoke server you should be getting CA certificates to avoid man-in-the-middle attacks: anyone who gets access to your certificate/key will be able to trick the client by impersonating your server; the Certificate Authority makes sure that the CA certificate is linked to your machine’s network address or IP.

On the other hand, if you will be the client then you (might) need the public certificate of the server you are communicating with, and that is deployed under Certificates in the IS admin.

Can you open the certificate in Notepad? Does it contain KEY or CERTIFICATE with BEGIN/END tags? What is the extension?

rmg, I highly appreciate a compliment from a wM guru :smiley:

Regards and hope it helps.
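The reply above ends with the practical check a practitioner has to do before touching the IS: open the file, look for KEY or CERTIFICATE between BEGIN/END tags, and check the extension. The script below automates that triage. It is an added example, not code from this thread, from webMethods Integration Server or from the JDK keytool; the sample inputs are constructed in-line (the base64 bodies are placeholders, not real key material), and the `target` rule simply encodes the thread’s own advice: private key material goes in the keystore, a certificate on its own goes in the truststore.

```python
"""Classify a certificate/key file before deciding keystore vs truststore.

Added example for this thread; not code from the forum posts, from webMethods
Integration Server or from keytool. SAMPLES are constructed (placeholder base64
bodies), while the byte patterns checked (PEM armour lines, JKS/JCEKS magic
numbers, the outer DER SEQUENCE tag) are the real on-disk formats.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# One PEM block: "-----BEGIN <LABEL>-----" ... "-----END <LABEL>-----" (same label).
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)

JKS_MAGIC = b"\xfe\xed\xfe\xed"    # java.security.KeyStore type "JKS"
JCEKS_MAGIC = b"\xce\xce\xce\xce"  # type "JCEKS"


@dataclass
class FileKind:
    fmt: str                                    # PEM, JKS, JCEKS, DER-cert, PKCS12, unknown
    blocks: list = field(default_factory=list)  # PEM labels found, in file order
    has_private_key: bool = False

    @property
    def target(self) -> str:
        """Where the file belongs, per the thread: key material -> keystore,
        certificate only -> truststore. Containers are listed first, not imported blind."""
        if self.fmt in ("JKS", "JCEKS", "PKCS12"):
            return "already a keystore container: list it with keytool before importing"
        if self.fmt == "unknown":
            return "unrecognised: open it and check for BEGIN/END tags"
        return "keystore" if self.has_private_key else "truststore"


def _der_first_child_tag(data: bytes) -> Optional[int]:
    """Tag of the first element inside an outer DER SEQUENCE (0x30), or None.

    DER length octets: short form (< 0x80) is one byte; long form 0x8N is
    followed by N length bytes. We skip them to reach the first inner tag.
    """
    if len(data) < 2 or data[0] != 0x30:
        return None
    offset = 2
    if data[1] & 0x80:
        offset += data[1] & 0x7F
    return data[offset] if offset < len(data) else None


def classify(data: bytes) -> FileKind:
    """Order matters: magic numbers, then PEM text, then raw DER."""
    if data.startswith(JKS_MAGIC):
        return FileKind("JKS")
    if data.startswith(JCEKS_MAGIC):
        return FileKind("JCEKS")

    labels = [m.group(1).decode("ascii") for m in PEM_BLOCK.finditer(data)]
    if labels:
        # Any "... PRIVATE KEY" label means this file must never land in a truststore.
        return FileKind("PEM", labels, any("PRIVATE KEY" in lbl for lbl in labels))

    inner = _der_first_child_tag(data)
    if inner == 0x30:   # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE, ... }
        return FileKind("DER-cert")
    if inner == 0x02:   # PFX ::= SEQUENCE { version INTEGER(3), ... }  (PKCS#12, a key container)
        return FileKind("PKCS12", has_private_key=True)
    return FileKind("unknown")


# Constructed samples: placeholder bodies, not real certificates or keys.
SAMPLES = {
    "pem_cert_only": (b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
                      b"-----END CERTIFICATE-----\n"),
    "pem_with_key": (b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
                     b"-----END CERTIFICATE-----\n"
                     b"-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
                     b"-----END RSA PRIVATE KEY-----\n"),
    "jks": JKS_MAGIC + b"\x00\x00\x00\x02" + b"\x00\x00\x00\x00",          # version 2, 0 entries
    "der_cert": b"\x30\x82\x03\x05" + b"\x30\x82\x01\xee" + b"\x00" * 8,   # SEQUENCE{SEQUENCE ...}
    "pkcs12": b"\x30\x82\x0a\x10" + b"\x02\x01\x03" + b"\x00" * 8,         # SEQUENCE{INTEGER 3 ...}
}


def report(name: str, data: bytes) -> str:
    kind = classify(data)
    return (f"{name}: {kind.fmt} blocks={kind.blocks} "
            f"private_key={kind.has_private_key} -> {kind.target}")


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(report(name, data))
```

Run it against the file a partner actually sent you instead of `SAMPLES` (read it with `open(path, "rb")`). A PEM file that reports `private_key=True` is the case the reply warns about: it belongs in a keystore only, and receiving one from an outside party is itself worth questioning.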

UH! You made me laugh. Not even a guru; every day it’s a learning journey for all of us, with all the experts around here on the forum.

Sorry! Let’s continue on the original topic…


Thanks for the post, it was very informative.

I would like to add a query here.

When we use SSL, we need the keystore and truststore, and the majority of the configuration happens in the IS admin console. But when we use the EDIINT AS2 protocol via TN, we just need the certificates in the common .der/.cer formats, get the configuration done in the MWS partner profiles, and that completes the setup, i.e. there is no need to go to the admin console and create key/trust stores. Is my observation right or wrong? Kindly let me know.