Trust Store tabs

The Trust Stores contain signed and trusted root certificates with their public keys. These stores contain no private keys. A Trust Store supports the client side of the relationship by using its root CA certificates to verify the signatures of the certificates it receives from each server. If a client cannot validate a server certificate’s signature, an error message allows you to approve or reject a security exemption (on the Allowed Hosts tab).

The System Trust Stores contain installed certificates signed by trusted entities (Certificate Authorities, or CAs) recognized by the Java Runtime Engine (JRE) of the currently opened platform. A User Trust Store contains installed certificates, signed by trusted entities, that you have imported (your own certificates).

Only certificates with public keys are stored in the Trust Stores. The majority of certificates in the System Trust Store come from the JRE. You add your own certificates to a User Trust Store by importing them.

Feel free to pass out such root certificates to your team; share them with your customers; make sure that any client that needs to connect to one of your servers has the server’s root certificate in its client Trust Store.
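The checks described above, as an added example that is not part of the original documentation: using OpenSSL from a shell, it confirms that a .pem file holds a certificate and no private key before it is shared, and that a server certificate validates only against a trust file containing the root that signed it. The throwaway root CA, server certificate, subject names, file names and function names are all constructed for this illustration.

```shell
#!/bin/sh
# Constructed demo: throwaway root CA and server certificate in a temp directory.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

make_demo_pki() {
    # Self-signed root CA with a 2048-bit RSA key (the default key size above).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Root CA" \
        -keyout "$work/root.key" -out "$work/root.pem" 2>/dev/null
    # Server key and signing request, then a certificate signed by the root.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
        -keyout "$work/server.key" -out "$work/server.csr" 2>/dev/null
    openssl x509 -req -in "$work/server.csr" -days 7 \
        -CA "$work/root.pem" -CAkey "$work/root.key" -CAcreateserial \
        -out "$work/server.pem" 2>/dev/null
    # Unrelated root: stands in for a client whose Trust Store lacks the right root.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Other Root CA" \
        -keyout "$work/other.key" -out "$work/other.pem" 2>/dev/null
}

# safe_to_share FILE: true only if the PEM holds a certificate and no private key.
safe_to_share() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        ! grep -q -- 'PRIVATE KEY-----' "$1"
}

# is_self_signed FILE: subject equals issuer and the signature verifies against itself.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject | sed 's/^subject=//')" = \
      "$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer=//')" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# trusted_by TRUSTFILE CERT: the signature check a client makes with its trusted roots.
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_demo_pki
# Print the fields that correspond to the Subject, Issued By, Not Before and Not After columns.
openssl x509 -in "$work/root.pem" -noout -subject -issuer -dates
```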

Figure 222.   Example of a System Trust Store

Trust Store columns

| Name | Value | Description |
|---|---|---|
| Alias | text | A short name used to distinguish certificates from one another in the Key Store. This property is required. It may identify the type of certificate (root, intermediate, server), location or function. This name does not have to match when comparing the server certificate with the CA certificate in the client’s Trust Store. |
| Issued By | text | Identifies the entity that signed the certificate. |
| Subject | text | Specifies the Distinguished Name, the name of the company that owns the certificate. |
| Not Before | date | Specifies the date before which the certificate is not valid. This date on a server certificate should not exceed the Not Before date on the root CA certificate used to sign it. |
| Not After | date | Specifies the expiration date for the certificate. This date on a server certificate should not exceed the Not After date on the root CA certificate used to sign it. |
| Key Algorithm | text | Refers to the cryptographic formula used to calculate the certificate keys. |
| Key Size | number | Specifies the size of the keys in bits. Four key sizes are allowed: 1024 bits, 2048 bits (this is the default), 3072 bits, and 4096 bits. Larger keys take longer to generate but offer greater security. |
| Signature Algorithm | formula text | Specifies the cryptographic formula used to sign the certificate. |
| Signature Size | KB | Specifies the size of the signature. |
| Valid | | Specifies certificate dates. |
| Self Signed | text | Read-only. Indicates that the certificate was signed with its own private key. |

Trust Store buttons

The Delete and Import buttons are available only in a User Trust Store.

| Name | Value | Description |
|---|---|---|
| View | button | Displays details for the selected item. |
| Delete | button | Removes the selected record from the database. |
| Import | button | Adds an imported item to the database. |
| Export | button | Saves a copy of the selected record to the hard disk. For certificates, the file extension is .pem. |