# Trust Store

The **Setup** → **Trust Stores** section stores partners' trusted public keys. These keys can be an X.509 Certificate, an SSH server public key, or an SSH client public key.

<figure><img src="/files/OKyBnx9gi9NMMK054pYH" alt=""><figcaption></figcaption></figure>

Multiple SSH keys can be imported for the same server going to:

* **Setup** → **Trust Stores** → **Keys** tab.
* **Setup** → **Untrusted caches** → **Keys** tab.
* **Repository pkhost using the certedit tool**.

To improve clarity, each key is given a unique name, following these rules:

* **When the key is imported in the Trust Store**, the filename will be automatically assigned as a name. If the filename label already exists, \_\<number> will be added. To assign a custom name, click the 3 dots icon and select **Edit** to open the **Edit Key** window.
* **When the key is trusted from the Untrusted Cache** section, the name is composed as follows:\
  \<code>-\<serverIP/serverHostname>-\<serverPort>-S.pub\
  where:
  * \<code> uniquely identifies the key itself
  * \<serverIP/serverHostname> is the server IP or the hostname the key is referred to
  * \<serverPort> is the server port
* **When the key is synchronized from a repository**, the name is composed as follows:\
  CERTEDIT-\<md5-key-checksum>

On the home page, you can click the **SYNC** button to synchronize your Keys/Certificates Trust Store with the content of the physical store.

{% hint style="warning" %}
If certificates are needed by DMZ, either the DMZ Gateway or the STENG must be restarted.
{% endhint %}

To edit or delete an existing SSH key, press the 3-dot icon and select the relevant option. When editing the key to change its name, if the submitted string conflicts with an existing one, a new unique label will be suggested. In the Edit Key dialog window, the Name field cannot be empty.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.primeur.com/data-mover-1.21/security/key-stores-and-trust-stores/trust-store.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.