Create a keystore by uploading a public and private key pair.
Before you begin
Review the TLS profiles overview to understand the
concepts of TLS profiles, keystores, and truststores, and the purpose of the default profiles that
are created at installation.
Your private and public keys must be in PEM or P12 formatted files.
One of the following roles is required to configure keystores:
- Administrator
- Owner
- Topology Administrator
- Custom role with the Settings: Manage permissions
About this task
API Connect
provides pre-configured keystores that are created at installation, and which can be used for
testing and demonstration purposes. For production deployments, it is recommended to create new
keystores that contain your own TLS certificates.Important: If you create your own TLS profiles, API Connect verifies
certificates when you upload them, but does not continuously monitor them for expiry. You are
responsible for monitoring and updating your certificates before they expire.
Procedure
Complete the following steps to create a TLS client profile:
-
In the Cloud Manager, click
Resources.
-
Select Crypto Material.
-
Click Create in the keystore table.
Field |
Description |
Title |
Enter a title for the keystore. |
Name |
The name is auto-generated and based on the title (with spaces and other URL unsafe
characters replaced). |
Summary |
Enter a brief description. |
Private key & public key: Step 1: Upload private key |
Upload the file that contains the private key certificate. If necessary, you can click
Browse to locate the file. If the file contains both the private and public
keys, upload it in Step 1. Private and public keys are always uploaded in pairs, either in a single
file or separate files. Keys can be in PEM or P12 format, and must contain all intermediate
certificates (up to a maximum of 10).
|
Private key password |
If the private key has a password, then enter it here. |
Private key & public key: Step 2: Upload public key |
If the public key is contained in a separate file, upload it in Step 2. Private and public
keys are always uploaded in pairs, either in a single file or separate files. Keys can be in PEM
or P12 format, and must contain all intermediate certificates (up to a maximum of 10).
|
-
Click Save.
Note: Uploaded keys and certificates cannot be download from API Connect.