NOTE: Only the appropriate
Workbench, platform or station tools may be used to modify these data files. Attempts to modify them by other means renders them corrupt
and unusable.
keystore.jceks is the User Key Store. In
Workbench it contains a company’s root CA, intermediate, and code-signing certificates. In a server, it contains the server certificate.cacerts.jceks is the User Trust Store. In a client it contains the root CA and intermediate certificates with only their public keys.exemptions.tes is the Allowed Hosts list. In a client it contains the certificate for hosts (servers) with whom the client may securely communicate even though
the client either:
- does not have a root CA certificate in its System or User Trust Store for the server, or
- may have a matching root CA certificate, but the Common Name or Alternate Server Name of the server certificate is not the same as the host name of the server being authenticated.
.bcfks is the FIPS (Federal Information Processing Standard) compliant key store. In non-FIPS mode, they are stored in a .jceks key store. These key stores are managed separately. The FIPS and non-FIPS certificates do not overlap.
NOTE: A certificate in the
Workbench User Key Store may have the same name as a certificate in a platform/station User Key Store, but they may not be the same certificate. Similarly, files in these stores may have differing alias names, and, in fact,
contain the same public keys. It is the public/private key pair that defines a certificate, not the certificate’s name.