Trust Store

The Trust Store stores partners' trusted public keys. These keys can be an X.509 Certificate, an SSH server public key, or an SSH client public key.

Multiple SSH keys can be imported for the same server going to:

  • Settings Security Trust Store Keys tab.

  • Settings Security Untrusted caches Keys tab.

  • Repository pkhost using the certedit tool.

Each key is given a unique name, following these rules:

  • When the key is imported into the Trust Store, the filename will be automatically assigned as a name. If the filename label already exists, _<number> will be added. To assign a custom name, click the 3 dots icon and select Edit to open the Edit Key window.

  • When the key is trusted from the Untrusted Cache section, the name is composed as follows: <code>-<serverIP/serverHostname>-<serverPort>-S.pub where:

    • <code> uniquely identifies the key itself

    • <serverIP/serverHostname> is the server IP or the hostname the key is referred to

    • <serverPort> is the server port

  • When the key is synchronized from a repository, the name is composed as follows: CERTEDIT-<md5-key-checksum>

On the home page, the SYNC button synchronizes the Keys/Certificates of the Trust Store with the content of the physical store.

To edit or delete an existing SSH key, press the 3-dot icon and select the relevant option. When editing the key to change its name, a new unique label will be suggested if the submitted string conflicts with an existing one.

Importing keys

To import an existing key, go to the Keys tab of the Trust Store page and follow these steps:

  1. Click the Import button.

  2. In the Import Key window, click the Upload button and browse the file system to locate the file.

  3. Click the Open button to load the file.

  4. The Name field will be automatically filled in with the name of the key.

    1. In the Type drop-down list, select the type of the key you are importing choosing among PKHOST or PKUSR.

    2. Configure the Format choosing one of these options: - Automatic encoding detection - OpenSSH public key file - Secure Shell (SSH) Public Key File

  5. Click Import.

Importing certificates

To import an X.509 Certificate, go to the Certificates tab of the Trust Store page and follow these steps:

  1. Select the Import button.

  2. In the Import Certificate window, click the Upload button and browse the file system to locate the file.

  3. Click the Open button to load the file.

  4. In the Type drop-down list, select the type of the certificate you are importing choosing among CA and USR.

  5. Configure the Format selecting if the key is a DER encoding, PEM encoding, PKCS#7 PEM encoded or an Automatic encoding detection.

  6. Click Import.

PreviousPGP Key StoreNextPGP Trust Store

Last updated