Creating a truststore

Create a truststore that contains a list of certificates that your TLS profile trusts.

Before you begin

Review the TLS profiles overview to understand the concepts of TLS profiles, keystores, and truststores, and the purpose of the default profiles that are created at installation.

Your public keys must be in PEM or P12 formatted files.
Note: For information on generating TLS certificates and keys, see Using OpenSSL to generate and format certificates.

One of the following roles is required to configure truststores:

  • Administrator
  • Owner
  • Topology Administrator
  • Custom role with the Settings: Manage permissions

About this task

API Connect provides pre-configured truststores that are created at installation, and which can be used for testing and demonstration purposes. For production deployments, it is recommended to create new truststores with your own TLS certificates.
Important: If you create your own TLS profiles, API Connect verifies certificates when you upload them, but does not continuously monitor them for expiry. You are responsible for monitoring and updating your certificates before they expire.

Procedure

  1. In the Cloud Manager, click Resources Resources.
  2. Select Crypto Material.
  3. Click Create in the truststore table.
    Field
    Title Enter a title for the truststore.
    Name The name is auto-generated and based on the title (with spaces and other URL unsafe characters replaced).
    Summary Enter a brief description.
    Upload truststore certificates Upload the file that contains the public key certificate.
  4. Click Save.