Creating a Keystore

Each keystore contain a matched pair of a public certificates and its private keys. These artifacts provide identity information during a TLS handshake.

Before you begin

Cloud Manager and API Manager both support and use TLS certificates, but they do not themselves produce strong encryption keys or manage your encryption keys. Encryption keys are generated and managed according to your own procedures. For more information, see Generating a PKCS#12 file for Certificate Authority and Generating a self-signed certificate using OpenSSL.

One of the following roles is required to configure Keystores:

  • Administrator
  • Owner
  • Topology Administrator
  • Custom role with the Settings: Manage permissions

About this task

API Connect includes pre-configured Keystores which may be used for testing purposes. For production environments, we suggest creating a new, secure Keystore.


Perform the following steps to create a TLS Client profile:

  1. In the Cloud Manager, click Resources Resources.
  2. Select TLS.
  3. Click Create in the Keystore table.
    Field Description
    Title (required) Enter a Title for the Keystore. The title is displayed on the screen.
    Name (required) The Name is auto-generated. The value in the Name field is a single string that can be used in developer toolkit CLI commands.

    To view the CLI commands to manage keystores, see apic keystores.

    Summary (optional) Enter a brief description.
    Private Key & Public Key: Step 1: Upload private key Upload the file containing the private key certificate. If necessary, you can click Browse to locate the file. If the file contains both the private and public keys, upload it in Step 1. Private and public keys are always uploaded in pairs, either in a single file or separate files.
    Private key password (optional) Enter the password for the private key if it has a password.
    Private Key & Public Key: Step 2: Upload public key If the public key is contained in a separate file, upload it in Step 2. Private and Public keys are always uploaded in pairs, either in a single file or separate files.
  4. Click Save.
    Note: After they have been uploaded, private keys cannot be downloaded from API Connect.