Certificate Management

Certificate Management

Certificate management

With the Certificate management tab, you can administer your trusted certificates as well as your server certificates. You can manage your truststore with this application. 

To be clear on the difference between these two types of certificates:

  • Trusted Certificates are X.509 certificates that are issued by servers to be trusted by ConnectPlaza. These (often Self-Signed) certificates must be trusted in orde to connect to these external SSL websites. For example you need to trust a self-signed certificate from a HTTPS based website, that you wish to call out to using the HTTP Gateway in ConnectPlaza.
  • Server Certificates are X.509 certificates that are requested by organisations and issued by a Certificate Authority to be used as a Server side certificate. You can use these certificates when you wish to expose an SSL secured endpoint using the HTTP Listener of Webservice Listener in ConnectPlaza.

For more information about SSL handling, check the following link: SSL - Handling

You can choose either Trusted Certificates to upload to or delete trusted certificates from the ConnectPlaza TrustStore or Server Certificates to upload to or delete server certificates from the ConnectPlaza KeyStore.

As of version 3.4.0 we placed indications to see if any certificate is expired or will expire in a week or two. See the legend below:

Trusted Certificates

Field Description
Alias Alias name of your certificate. This name will be used in your applications
Common name Common name of the certificate
Valid until Expiration date of the certificate
Remove button. Click this button to remove the certificate

 

When the license is about to expire or is expired, the line of the certificate will change colour accordingly to the legend. So expired will be displayed in a red line, about to expire will be displayed in an orange colour.

Adding a trusted certificate

Add a certificate to your trust store by clicking on the  button at the top right of the screen. 

Drag your certificate in this screen or click in the middle of the screen to open a File Upload screen, like this:

The file will be uploaded to the trust store. After you have uploaded all the certificates you need, restart your ConnectAgent by pressing the Restart agent button, in order to activate the new trust store. 

Removing a certificate

If you want to remove a certificate, select the  button at the end of the row of the certificate you want to remove from the trust store. You will be asked if you are sure you want to remove the certificate permanently.

Select Remove to remove the certificate. You have to restart your ConnectAgent by pressing the Restart agent button, in order to activate the new trust store. 

Server Certificates

 

Alias Alias of the certificate
Common name Common name of the certificate
Organisation The organisation the certificate is issued to.
Location Location of the organisation
Valid until Expiration date of the certificate
Remove button. Click this button to remove the certificate

 

When the license is about to expire or is expired, the line of the certificate will change colour accordingly to the legend. So expired will be displayed in a red line, about to expire will be displayed in an orange colour.

Adding a server certificate

Add a server certificate to your trust store by clicking on the  button at the top right of the screen. 

In order to upload a Server Certificate you must deliver a X.509 Keypair in a secure fashion. In order to provide our users with the utmost of security measures, our users are required to deliver the server certificate as a PKCS#12 Keystore in either .pfx or .p12 format. Within this keystore the user must place the desired server certificate (as a keypair) and protect it with passwords.

The store password is always:

  • Store password: opdion01

Graphically this looks like this:

Definitions:

Source keystore password Provide the password to unlock the uploaded PKCS#12 keystore. This is the original password of the keystore
Source key alias Provide the alias of the keypair inside the origional PKCS#12 keystore.
Source key password Provide the password to of the origional Keypair inside the PKCS#12 keystore
   
Target key alias Provide an alias under which to store the keypair into the ConnectPlaza Keystore. By default the alias from the provided PKCS#12 store will be used. You can change this into something which suits your needs.

 

Do not drag any file into the dropzone before inserting the Alias and Store password of the PKCS#12 file.

Drag the .pfx or .p12 into the dropzone in this screen or click in the middle of the screen to open a File Upload screen like this:

The keypair will be uploaded and imported to the ConnectPlaza keystore. After you have uploaded all the server certificates you need, restart your ConnectAgent by pressing the Restart agent button, in order to activate the new keystore.

Removing a server certificate

If you want to remove a certificate, select the  button at the end of the row of the certificate you want to remove from the keytore. You will be asked if you are sure you want to remove the certificate permanently.

Select Remove to remove the server certificate. You have to restart your ConnectAgent by pressing the Restart agent button, in order to activate the new keystore.