Trust Store tabs
The Trust Stores contain signed and trusted root certificates with their public keys. These stores contain no private keys. A Trust Store supports the client side of the relationship by using its root CA certificates to verify the signatures of the certificates it receives from each server. If a client cannot validate a server certificate’s signature, an error message allows you to approve or reject a security exemption (on the Allowed Hosts tab).
The System Trust Stores contain installed signed certificates by trusted entities (CA authorities) recognized by the Java Runtime Engine (JRE) of the currently opened platform. A User Trust Store contains installed signed certificates by trusted entities that you have imported (your own certificates).
Only certificates with public keys are stored in the Trust Stores. The majority of certificates in the System Trust Store come from the JRE. You add your own certificates to a User Trust Store by importing them.
Feel free to pass out such root certificates to your team; share them with your customers; make sure that any client that needs to connect to one of your servers has the server’s root certificate in its client Trust Store.
Trust Store columns
| Column | Description |
|---|---|
| Alias |
Provides a short name used to distinguish
certificates from one another in the Key Store. This property is required. It may identify the type of certificate
(root, intermediate, server), location or function. This name does
not have to match when comparing the server certificate with the CA
certificate in the client’s Trust Store.
|
| Issued By |
Identifies the entity that signed
the certificate.
|
| Subject |
Specifies the Distinguished Name,
the name of the company that owns the certificate.
|
| Not Before |
Specifies the date before which
the certificate is not valid. This date on a server certificate should
not be earlier than the Not Before date on
the CA certificate used to sign it.
|
| Not After |
Specifies the expiration date
for the certificate. This date on a server certificate should not
be later than the Not After date on the CA
certificate used to sign it.
A period no longer than a year ensures regular certificate changes making it more likely that the certificate contains the latest cryptographic standards, and reducing the number of old, neglected certificates that can be stolen and re-used for phishing and drive-by malware attacks. Changing certificates more frequently is even better. |
| Key Algorithm |
Refers to the cryptographic
formula used to calculate the certificate keys.
|
| Key Size |
Specifies the size of the keys
in bits. Four key sizes are allowed: 1024 bits, 2048 bits (this is
the default), 3072 bits, and 4096 bits. Larger keys take longer to
generate but offer greater security.
|
| Signature Algorithm |
Specifies the cryptographic
formula used to sign the certificate.
|
| Signature Size |
Specifies the size of the
signature.
|
| Valid |
Specifies certificate dates.
|
| Self Signed |
Indicates that the certificate
was signed with its own private key.
|
The Delete and Import buttons are available only in a User Trust Store.
User Key Store buttons-
View displays details for the selected item.
-
Delete removes the selected record from the database.
-
Import adds an imported item to the database.
-
Export saves a copy of the selected record to the hard disk.
For certificates, the file extension is .pem.