Each keystore contain a matched pair of a public certificates and its private keys.
These artifacts provide identity information during a TLS handshake.
Before you begin
Cloud Manager and API Manager both support and use
TLS certificates, but they do not themselves produce strong encryption keys or manage your
encryption keys. Encryption keys are generated and managed according to your own procedures. For
more information, see Generating a PKCS#12 file for Certificate Authority and Generating a self-signed certificate using OpenSSL.
One of the following roles is required to configure Keystores:
- Administrator
- Owner
- Topology Administrator
- Custom role with the Settings: Manage permissions
About this task
API Connect includes pre-configured Keystores which may be used for testing purposes. For
production environments, we suggest creating a new, secure Keystore.
Procedure
Perform the following steps to create a TLS Client profile:
-
In the Cloud Manager, click
Resources.
-
Select TLS.
-
Click Create in the Keystore table.
Field |
Description |
Title (required) |
Enter a Title for the Keystore. The title is displayed on the screen. |
Name (required) |
The Name is auto-generated. The value in the Name field is a single string that can be used
in developer toolkit CLI commands. To view the CLI commands to manage keystores, see apic
keystores.
|
Summary (optional) |
Enter a brief description. |
Private Key & Public Key: Step 1: Upload private key |
Upload the file containing the private key certificate. If necessary, you can click
Browse to locate the file. If the file contains both the private and public
keys, upload it in Step 1. Private and public keys are always uploaded in pairs, either in a single
file or separate files. |
Private key password (optional) |
Enter the password for the private key if it has a password. |
Private Key & Public Key: Step 2: Upload public key |
If the public key is contained in a separate file, upload it in Step 2. Private and Public
keys are always uploaded in pairs, either in a single file or separate files. |
-
Click Save.
Note: After they have been uploaded, private keys cannot be downloaded from API Connect.