Creating a Keystore

Keystores contain matched pairs of public certificates and private keys used to confirm identity and encrypt/decrypt data transmission over HTTPS.

Before you begin

API Manager supports and uses TLS certificates, but does not produce strong encryption keys or manage your encryption keys. Encryption keys are generated and managed according to your own procedures. For more information, see Generating a PKCS#12 file for Certificate Authority and Generating a self-signed certificate using OpenSSL.

One of the following roles is required to configure Keystores:

  • Organization Administrator
  • Owner
  • Custom role with the Settings: Manage permissions

About this task

API Connect includes pre-configured Keystores which may be used for testing purposes. For production environments, we suggest creating a new, secure Keystore.


Perform the following steps to create a Keystore:

  1. In the API Manager, click Resources.
  2. Select TLS.
  3. Click Create in the Keystore table.
    Field | Description
    Title (required) | Enter a Title for the Keystore. The title is displayed on the screen.
    Name (required) | The Name is auto-generated. The value in the Name field is a single string that can be used in developer toolkit CLI commands. To view the CLI commands to manage keystores, see apic keystores.
    Summary (optional) | Enter a brief description.
    Private Key & Public Key: Step 1: Upload private key | Upload the file containing the private key certificate. If necessary, you can click Browse to locate the file. If the file contains both the private and public keys, upload it in Step 1. Private and public keys are always uploaded in pairs, either in a single file or separate files.
    Private key password (optional) | Enter the password for the private key if it has a password.
    Private Key & Public Key: Step 2: Upload public key | If the public key is contained in a separate file, upload it in Step 2. Private and Public keys are always uploaded in pairs, either in a single file or separate files.
  4. Click Save.
    Note: After they have been uploaded, private keys cannot be downloaded from API Connect.
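
A Keystore holds a matched certificate and private key, and the key cannot be downloaded again after upload, so it is worth confirming that the two files belong together before step 3. The script below is an added example, not part of the IBM documentation: the function names and the KEY_PASS variable are assumptions, and the certificates it generates are constructed throwaway samples.

```shell
#!/bin/sh
# Added example (not IBM code): check that a PEM certificate and a PEM private
# key form a matched pair before uploading them to a Keystore.
# Function names and the KEY_PASS variable are assumptions of this example.

# keypair_matches CERT KEY
# Returns 0 if the key matches the certificate, 1 if it does not, 2 if either
# file cannot be parsed. If one PEM file holds both, pass the same path twice.
# For a password-protected key, export KEY_PASS first; reading it from the
# environment keeps the password out of the process argument list.
keypair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # Re-encode through "pkey" so both sides use the same PEM serialization.
    cert_pub=$(printf '%s\n' "$cert_pub" |
        openssl pkey -pubin -pubout 2>/dev/null) || return 2
    key_pub=$(KEY_PASS="${KEY_PASS:-}" openssl pkey -in "$2" \
        -passin env:KEY_PASS -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_constructed_pair DIR NAME
# Writes a throwaway self-signed pair (DIR/NAME.crt, DIR/NAME.key) used only
# as constructed sample input for the demo; not for production use.
make_constructed_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2.constructed.example" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# demo: build two constructed pairs and report each combination.
demo() {
    d=$(mktemp -d) || return 1
    make_constructed_pair "$d" a && make_constructed_pair "$d" b ||
        { rm -rf "$d"; return 1; }
    for key in a b; do
        if keypair_matches "$d/a.crt" "$d/$key.key"; then
            echo "a.crt + $key.key: matched pair, safe to upload together"
        else
            echo "a.crt + $key.key: MISMATCH, do not upload"
        fi
    done
    rm -rf "$d"
}

# Run the demo only when asked, e.g.: sh check_pair.sh --demo
if [ "${1:-}" = "--demo" ]; then demo; fi
```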