Creating a keystore

Create a keystore by uploading a public and private key pair.

Before you begin

Review the TLS profiles overview to understand the concepts of TLS profiles, keystores, and truststores, and the purpose of the default profiles that are created at installation.

Your private and public keys must be in PEM or P12 formatted files.
Note: For information on generating TLS certificates and keys, see Using OpenSSL to generate and format certificates.

One of the following roles is required to configure keystores:

  • Administrator
  • Owner
  • Topology Administrator
  • Custom role with the Settings: Manage permissions

About this task

API Connect provides pre-configured keystores that are created at installation, and which can be used for testing and demonstration purposes. For production deployments, it is recommended to create new keystores that contain your own TLS certificates.
Important: If you create your own TLS profiles, API Connect verifies certificates when you upload them, but does not continuously monitor them for expiry. You are responsible for monitoring and updating your certificates before they expire.

Procedure

Complete the following steps to create a keystore:

  1. In the Cloud Manager, click Resources.
  2. Select Crypto Material.
  3. Click Create in the keystore table.
    Title
      Enter a title for the keystore.

    Name
      The name is auto-generated and based on the title (with spaces and other URL unsafe characters replaced).

    Summary
      Enter a brief description.

    Private key & public key: Step 1: Upload private key
      Upload the file that contains the private key certificate. If necessary, you can click Browse to locate the file. If the file contains both the private and public keys, upload it in Step 1. Private and public keys are always uploaded in pairs, either in a single file or separate files.

      Keys can be in PEM or P12 format, and must contain all intermediate certificates (up to a maximum of 10).

    Private key password
      If the private key has a password, then enter it here.

    Private key & public key: Step 2: Upload public key
      If the public key is contained in a separate file, upload it in Step 2. Private and public keys are always uploaded in pairs, either in a single file or separate files.

      Keys can be in PEM or P12 format, and must contain all intermediate certificates (up to a maximum of 10).

  4. Click Save.
    Note: Uploaded keys and certificates cannot be downloaded from API Connect.
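
Because API Connect does not monitor certificates for expiry after upload, and the upload must carry a matching key pair with no more than 10 intermediate certificates, a PEM pair can be checked locally before step 3. The following is an added example, not part of the product documentation. It assumes the openssl command is installed, PEM input only (not P12), and the leaf certificate first in the bundle; the names check_keystore and KEY_PASS and the 30-day default are chosen here for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-upload check for a PEM key pair and certificate chain.
# Usage: check_keystore KEY.pem CERTS.pem [WARN_DAYS]
#   CERTS.pem: leaf certificate first, then its intermediate certificates.
#   KEY_PASS (optional environment variable): password of the private key.
# Returns 0 = ready, 1 = a certificate expires within WARN_DAYS, 2 = rejected.

MAX_INTERMEDIATES=10   # limit from the field description on this page

check_keystore() {
    local key="$1" certs="$2" warn_days="${3:-30}"
    local tmp total f key_pub cert_pub rc=0

    if [ ! -r "$key" ] || [ ! -r "$certs" ]; then
        echo "FAIL: cannot read key or certificate file"; return 2
    fi
    total=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$certs" || true)
    if [ "$total" -lt 1 ]; then
        echo "FAIL: no certificate found in $certs"; return 2
    fi
    if [ $((total - 1)) -gt "$MAX_INTERMEDIATES" ]; then
        echo "FAIL: $((total - 1)) intermediates, maximum is $MAX_INTERMEDIATES"; return 2
    fi

    # Split the bundle into one file per certificate (cert1.pem is the leaf).
    tmp=$(mktemp -d) || return 2
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                     n { print > (d "/cert" n ".pem") }' "$certs"

    # The private key must belong to the leaf: compare the two public keys.
    # The password is passed through the environment, not the command line.
    key_pub=$(KEY_PASS="${KEY_PASS:-}" openssl pkey -in "$key" \
                  -passin env:KEY_PASS -pubout 2>/dev/null)
    cert_pub=$(openssl x509 -in "$tmp/cert1.pem" -noout -pubkey 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: private key does not match the leaf certificate"
        rm -rf "$tmp"; return 2
    fi

    # Flag every certificate in the chain that expires within warn_days.
    for f in "$tmp"/cert*.pem; do
        if ! openssl x509 -in "$f" -noout -checkend $((warn_days * 86400)) >/dev/null; then
            echo "WARN: expires soon: $(openssl x509 -in "$f" -noout -subject -enddate | tr '\n' ' ')"
            rc=1
        fi
    done
    rm -rf "$tmp"
    return "$rc"
}
```

Running the same function on a schedule against the files kept outside API Connect covers the expiry monitoring that the product leaves to you.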