6.8 Key Manager
The Key Manager enables you to configure key exchange required by the protocols for several different agents.
To open the Key Manager, click the Tools button in the upper left part of the Desktop window, and then select Key Manager from the menu.
Key Manager
Item | Description |
---|---|
Select Pico | Select for which pico instance you want the key exchange to be configured in this list. All running pico instances will be available for selection. |
Select Keystore Type | Select the keystore type in this list. Supported types are JKS, JCEKS, and PKCS12. |
Select Keystore | Select the keystore you want to use. All keystores for the selected Pico instance will be available for selection, see the Adding Keystores to Pico Instances section below for further information. Upon selection, you will be prompted for the keystore's password: |
Aliases | This section will show the available aliases and their respective types within the selected keystore. The type can be either key or a certificate. |
Remove | Click this button to remove selected aliases from the list. |
Import Certificate | Click on this button to import an existing certificate. You will be prompted to select the certificate and enter the alias: Click on the Select Certificate button, browse to the location of the certificate, select it, and click Open. Then enter the alias and click OK to import. |
Adding Keystores to Pico Instances
In order to select a keystore, it has to be added to the Pico instance. Multiple keystores can be added at the same time. This is done using topo by executing the following sequence, assuming the keystore(s) exists:
Add keystore(s) to the pico instance:
$ mzsh topo set --allow-disconnected -l pico:<piconame>/obj:config.properties.security 'keystorePath: "<path_to_ks1;path_to_ks2>"'
Activate the changes:
$ mzsh topo activate
Restart the pico instance:
$ mzsh restart <piconame>
Example - Adding Keystore to Pico Instance
$ mzsh topo set --allow-disconnected -l pico:ec1/obj:config.properties.security 'keystorePath: "/tmp/keys/mykey.keystore"' $ mzsh topo activate $ mzsh restart ec1