Creating a Truststore

A truststore contains a list of certificates. The certificates are used to verify the peer during a TLS handshake.

Before you begin

One of the following roles is required to configure Truststores:

Administrator
Owner
Topology Administrator
Custom role with the Settings: Manage permissions

About this task

Cloud Manager and API Manager both support and use TLS certificates, but they do not themselves produce strong encryption keys or manage your encryption keys. Encryption keys are generated and managed according to your own procedures. For more information, see Generating a PKCS#12 file for Certificate Authority and Generating a self-signed certificate using OpenSSL.

API Connect includes pre-configured Truststores which may be used for testing purposes. For production environments, we suggest creating a new, secure Truststore.

Important: API Connect verifies certificates when you upload them, but does not continuously monitor them for expiry. You are responsible for monitoring and updating your certificates before they expire.

Procedure

In the Cloud Manager, click Resources.
Select TLS.

Click Create in the Truststore table.

Field
Title (required)	Enter a Title for the Truststore. The title is displayed on the screen.
Name (required)	The Name is auto-generated. The value in the Name field is a single string that can be used in developer toolkit CLI commands. To view the CLI commands to manage truststores, see the toolkit CLI reference documentation.
Summary (optional)	Enter a brief description.
Public Keys	Upload the file containing the public key certificate. If necessary you can click Browse to locate the file.

Click Save.