Certificate Authority Stores Configuration

From iDENprotect Knowledge Base
Jump to: navigation, search

If you have not made any configuration changes yet, please see How to make configuration changes

Introduction

The idenprotect Core Platform can integrate with an external CA or it can use its own internal CA. Not all parameters are required for all CA Types.

Other CA related articles are Certificate Authority Server Configuration, Certificate Authority Profile Name Configuration

For more information on specific Certificate Authorities, see one of the following articles:

Any changes made to the CA Configuration will require a server restart in order for the changes to take effect.


Configurable Settings

  • CA Stores Configuration in the idenprotect Core Platform Admin Console Config Tab
  • Server file system in /etc/idenprotect/ca.properties
Parameters for Stores
Parameter in Config Tab Parameter in Properties File Description
CA Key Store Alias ca.keystore.alias Alias for CA Private Key
CA Key Store Password ca.keystore.pass Password for CA Key Store
CA Key Store Path ca.keystore.path Path to CA Key Store
CA Key Store Subject ca.keystore.subject The subject of the root CA Cert (if idenprotect creates it)
Key Store ca.backend.ejbca.keyStore Keystore used when making mutual TLS connection to EJBCA
Key Store Password ca.backend.ejbca.keyStorePassword Password for keystore
Key Store Type ca.backend.ejbca.keyStoreType Keystore type, eg PKCS12
Trust Store ca.backend.ejbca.trustStore Trust store used when making mutual TLS connection to EJBCA
Trust Store Password ca.backend.ejbca.trustStorePassword Password for truststore
Trust Store Type ca.backend.ejbca.trustStoreType Keystore type, eg PKCS12