Certificate Management


With the Certificate management tab, you can administer your trusted certificates as well as your server certificates. You can manage your truststore with this application. 

To be clear on the difference between these two types of certificates:

  • Trusted Certificates are X.509 certificates that are issued by servers and that ConnectPlaza must trust. These (often self-signed) certificates must be trusted before ConnectPlaza can connect to these external SSL websites. For example, you need to trust the self-signed certificate of an HTTPS-based website that you wish to call using the HTTP gateway in ConnectPlaza.
  • Server Certificates are X.509 certificates that are requested by organizations and issued by a Certificate Authority for use as server-side certificates. Use these certificates when you wish to expose an SSL-secured endpoint using the HTTP listener or Webservice listener in ConnectPlaza.

For more information about SSL handling, check the following link: SSL - Handling

In the Trusted Certificates tab you can upload trusted certificates to or delete trusted certificates from the ConnectPlaza truststore. In the Server Certificates tab you can upload server certificates to or delete server certificates from the ConnectPlaza keystore.

As of version 3.4.0, the certificate lists indicate whether a certificate is expired or will expire in two weeks. See the legend below:

Trusted Certificates

Field | Description
Alias | Alias name of your certificate. This name will be used in your applications.
Common name | Common name of the certificate.
Valid until | Expiration date of the certificate.
Remove button | Click this button to remove the certificate.

When a certificate is about to expire or has expired, the row of the certificate changes color according to the legend: expired certificates are displayed in red, and certificates that are about to expire are displayed in orange.

Adding a trusted certificate

Add a certificate to your truststore by clicking on the button at the top right of the screen.

Please note that the certificate is required to have the .crt extension (e.g. .pem is not accepted).

Drag your certificate to this screen or click in the middle of the screen to open a File Upload screen, like this:

The file will be uploaded to the truststore. After you have uploaded all the certificates you need, restart your ConnectAgent by pressing the Restart agent button, in order to activate the new truststore. 

Removing a certificate

If you want to remove a certificate, select the button at the end of the row of the certificate you want to remove from the truststore. You will be asked if you are sure you want to remove the certificate permanently.

Select Remove to remove the certificate. You have to restart your ConnectAgent by pressing the Restart agent button, in order to activate the new truststore. 

Server Certificates

Field | Description
Alias | Alias of the certificate.
Common name | Common name of the certificate.
Organization | The organization the certificate is issued to.
Location | Location of the organization.
Valid until | Expiration date of the certificate.
Remove button | Click this button to remove the certificate.

When a certificate is about to expire or has expired, the row of the certificate changes color according to the legend: expired certificates are displayed in red, and certificates that are about to expire are displayed in orange.

Adding a server certificate

Add a server certificate to your keystore by clicking on the button at the top right of the screen.

To upload a server certificate you must deliver an X.509 keypair in a secure fashion. For this reason, the server certificate must be delivered as a PKCS#12 keystore in either .pfx or .p12 format. The keystore itself and the key pairs should be protected with passwords of ten or more characters (shorter passwords may result in a "java.security.InvalidKeyException: pad block corrupted"). Within this keystore you must place the desired server certificate (as a keypair) and protect it with passwords.

The store password is always:

  • Store password: opdion01

Graphically this looks like this:

Definitions:

Item | Description
Source keystore password | Provide the password to unlock the uploaded PKCS#12 keystore. This is the original password of the keystore.
Source key alias | Provide the alias of the keypair inside the original PKCS#12 keystore. If you use Keystore Explorer, it is the Entry Name of the certificate.
Source key password | Provide the password of the original keypair inside the PKCS#12 keystore.
Target key alias | Provide an alias under which to store the keypair in the ConnectPlaza keystore. By default the alias from the provided PKCS#12 store will be used. You can change this into something which suits your needs.

Do not drag any file into the dropzone before entering the alias and store password of the PKCS#12 file.

Drag the .pfx or .p12 into the dropzone in this screen or click in the middle of the screen to open a File Upload screen like this:

The keypair will be uploaded and imported to the ConnectPlaza keystore. After you have uploaded all the server certificates you need, restart your ConnectAgent by pressing the Restart agent button, in order to activate the new keystore.
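
A pre-upload check for the PKCS#12 requirements described above (.pfx or .p12 extension, passwords of ten or more characters, a known key alias) together with the two-week expiry window that the certificate lists highlight. This is an added example, not ConnectPlaza's own tooling; it assumes the openssl command-line tool is installed, and the function names, alias, subject and password are constructed.

```shell
#!/bin/sh
# Added example, not ConnectPlaza tooling. Names, alias and password are constructed.
TWO_WEEKS=1209600   # seconds: the "will expire in two weeks" window

# Build a throwaway self-signed keypair and package it as PKCS#12 (sample input).
# openssl protects the store and the key with the same password.
make_sample_p12() {   # $1=output file  $2=alias  $3=password  $4=days valid
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days "$4" \
        -subj "/CN=example.test/O=Example Org/L=Example City" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -name "$2" -inkey "$dir/key.pem" \
        -in "$dir/cert.pem" -passout "pass:$3" -out "$1"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Exit status: 0 ok, 1 wrong extension, 2 password under ten characters,
# 3 keystore cannot be opened, 4 alias not found, 5 expired or expiring.
check_p12() {   # $1=file  $2=alias  $3=password
    case "$1" in *.pfx|*.p12) ;; *) return 1 ;; esac
    [ "${#3}" -ge 10 ] || return 2
    pem=$(openssl pkcs12 -in "$1" -passin "pass:$3" -nokeys -clcerts 2>/dev/null) \
        || return 3
    # The alias is stored as the bag's friendlyName attribute.
    printf '%s\n' "$pem" | sed 's/^ *//' | grep -qxF "friendlyName: $2" || return 4
    printf '%s\n' "$pem" | openssl x509 -noout -checkend "$TWO_WEEKS" >/dev/null \
        || return 5
    return 0
}

# Usage: check_p12 server.p12 my-alias "$STORE_PASSWORD" && echo "ready to upload"
```

For a bundle built this way, the Source keystore password and the Source key password in the upload form are the same value.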

Removing a server certificate

If you want to remove a certificate, select the button at the end of the row of the certificate you want to remove from the keystore. You will be asked if you are sure you want to remove the certificate permanently.

Select Remove to remove the server certificate. You have to restart your ConnectAgent by pressing the Restart agent button, in order to activate the new keystore.