Trusting Keys and Certificates
To trust an SSH public key or an X.509 certificate, go to the Setup → Untrusted Caches menu, select the 3-dot icon and then the Trust entry.
A confirmation message will appear. Click CONFIRM to validate.
When should the Keys tab be used?
The Setup → Untrusted Caches → Keys tab lists keys not yet trusted and must be used in these scenarios:
Data Mover SFTP Client connects to an external SFTP server:
If not already trusted, the key exposed by the external server is saved.
Name: The syntax of the name is [key hash]-[ip and port used for remote connection]-S.pub
Subject DN: This column displays the IP and port used for the remote connection.
Type: SSH Host Key is displayed in this column.
Data Mover SFTP Server receives a connection from an external SFTP client:
If this client is not already trusted, its key is saved in this repository.
Name: The syntax of the name is [key hash]-[user]-C.pub
Subject DN: This column displays the username of the SFTP client.
Type: SSH User Key is displayed in this column.
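Before trusting a key listed in the Keys tab, its fingerprint can be compared with one obtained from the peer's administrator over a separate channel. The following Python is an added example, not part of Data Mover or its documentation; it assumes the cached .pub file is in the OpenSSH one-line public key format and that the reference fingerprint is in SHA256 form, and all function names and sample keys are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def parse_openssh_pubkey(line):
    """Return (key type, raw key blob) from a one-line OpenSSH public key."""
    fields = line.strip().split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:
        raise ValueError("key body is not valid base64") from exc
    # The blob starts with a length-prefixed algorithm name that must match
    # the type declared in the text; a mismatch means a damaged or edited file.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    return key_type, blob


def sha256_fingerprint(blob):
    """Fingerprint in the form printed by `ssh-keygen -l -E sha256`."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def safe_to_trust(pubkey_line, expected_fingerprint):
    """True only if the cached key matches the out-of-band fingerprint."""
    _, blob = parse_openssh_pubkey(pubkey_line)
    actual = sha256_fingerprint(blob)
    return hmac.compare_digest(actual.encode(), expected_fingerprint.strip().encode())


def make_sample_key(seed):
    """Constructed ssh-ed25519 key line for the demo (not a real host key)."""
    name, raw = b"ssh-ed25519", bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"


if __name__ == "__main__":
    cached = make_sample_key(1)  # stands in for a key saved in Untrusted Caches
    expected = sha256_fingerprint(parse_openssh_pubkey(make_sample_key(1))[1])
    print("same key matches:", safe_to_trust(cached, expected))
    print("other key matches:", safe_to_trust(make_sample_key(2), expected))
```

A key whose fingerprint does not match the out-of-band value should be left untrusted and the mismatch investigated.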
When should the Certificates tab be used?
The Certificates tab lists certificates not yet authenticated and must be used in these scenarios:
Data Mover SSL Client (all remote connections over SSL) connects to a server over the SSL protocol. The exposed certificate and its chain (depending on the counterpart server) are saved in this repository only if not already trusted.
Warning!
A successful Client Connection over the SSL protocol requires the trust of the entire certification chain related to that protocol. A chain of trust cannot be completed without a trust anchor issued by a Certificate Authority. For safety reasons, a remote SSL server is only allowed to send end-entity and intermediate certificates; CA trust anchors must be provided separately.
To complete the chain, you must manually import a secure and trustworthy CA trust anchor. Be careful to import only reliable and proven CA trust anchors, as it is impossible to recognize fake certificates issued by a malicious CA once its certificate has been trusted. With great power comes great responsibility!
To import a certificate, go to the Setup → Trust Stores → Certificates tab and click the IMPORT button. Once you have imported the CA trust anchor and trusted all intermediate and end-entity certificates, the Client Connection can be established successfully.
Data Mover SSL Server (all servers exposed over SSL) receives a connection from a client over the SSL protocol that requires client authentication. The certificate is saved in this repository only if not already trusted.