Creating a Truststore

A truststore contains a list of certificates. The certificates are used to verify the peer during a TLS handshake.

Before you begin

One of the following roles is required to configure Truststores:

  • Administrator
  • Owner
  • Topology Administrator
  • Custom role with the Settings: Manage permissions

About this task

Cloud Manager and API Manager both support and use TLS certificates, but they do not themselves produce strong encryption keys or manage your encryption keys. Encryption keys are generated and managed according to your own procedures. For more information, see Generating a PKCS#12 file for Certificate Authority and Generating a self-signed certificate using OpenSSL.

API Connect includes pre-configured Truststores which may be used for testing purposes. For production environments, we suggest creating a new, secure Truststore.


  1. In the Cloud Manager, click Resources Resources.
  2. Select TLS.
  3. Click Create in the Truststore table.
    Title (required) Enter a Title for the Truststore. The title is displayed on the screen.
    Name (required) The Name is auto-generated. The value in the Name field is a single string that can be used in developer toolkit CLI commands.

    To view the CLI commands to manage truststores, see apic truststores.

    Summary (optional) Enter a brief description.
    Public Keys Upload the file containing the public key certificate. If necessary you can click Browse to locate the file.
  4. Click Save.