Sitescope Keystores

  • KM03079164
  • 23-Jan-2018
  • 23-Jan-2018

Summary

Sitescope Keystores

Question

  1. Key management - holds the persistency encryption key.
  2. SiteScope Trust Store - used for SSL communication (CACERTS); holds the certificate authorities we trust to confirm the real identity of outgoing connections (SSL).
  3. Server Key Store - used by the SiS server so that SiS clients can identify it as a trusted SiS server.

Answer

 

  1. Monitors flow (outgoing SSL connections):
    SITESCOPE_HOME_DIR/java/lib/security/cacerts - SiteScope trust store (converted to PKCS12 format when using monitors for outgoing SSL connections)
  2. SiteScope server configured to SSL (incoming SSL connections):
    SITESCOPE_HOME_DIR/groups/serverKeystore (in FIPS mode created in PKCS12 format)
  3. SiteScope server configured to SSL + client authentication/CAC (incoming SSL connections):
    SITESCOPE_HOME_DIR/templates.certificates/serverTrustStore (JKS format)
  4. SiteScope API configuration (SiteScope server configured to SSL + client authentication):
    SITESCOPE_HOME_DIR/groups/serverKeystore (in FIPS mode created in PKCS12 format)
    SITESCOPE_HOME_DIR/templates.certificates/serverTrustStore (JKS format)
    SITESCOPE_HOME_DIR/java/lib/security/cacerts (JKS format)
    Client KeyStore and TrustStore for SiteScope API usage:
    SCRIPT_HOME/API_Configuration/clientTrustStore (JKS format)
    SCRIPT_HOME/API_Configuration/clientKeyStore (JKS format)
  5. SiteScope client certificate authentication for BSM integration:
    SITESCOPE_HOME_DIR/templates.certificates/BSMClientKeystore (JKS format)
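
The following added example (not part of the original article and not vendor code) checks the server-side keystores listed above against the formats the article gives, reading only the leading bytes so that no keystore password is needed. Assumptions: serverKeystore is JKS outside FIPS mode, serverKeystore and BSMClientKeystore hold private keys, and the permission rules shown are a sample policy for POSIX hosts.

```python
import os
import stat
import sys
import tempfile
from pathlib import Path

# Paths relative to SITESCOPE_HOME_DIR -> (formats the article lists, holds a private key?)
# Assumption: serverKeystore is JKS outside FIPS mode; the article only states PKCS12 for FIPS.
EXPECTED = {
    "java/lib/security/cacerts": ({"JKS", "PKCS12"}, False),
    "groups/serverKeystore": ({"JKS", "PKCS12"}, True),
    "templates.certificates/serverTrustStore": ({"JKS"}, False),
    "templates.certificates/BSMClientKeystore": ({"JKS"}, True),
}
MAGIC = {b"\xfe\xed\xfe\xed": "JKS", b"\xce\xce\xce\xce": "JCEKS"}

def detect_format(path):
    """Classify a keystore by its leading bytes, without needing its password."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head in MAGIC:
        return MAGIC[head]
    # PKCS#12 is a DER-encoded ASN.1 SEQUENCE (tag 0x30); other DER files share this tag.
    return "PKCS12" if head[:1] == b"\x30" else "UNKNOWN"

def audit(home):
    """Return (relative path, issue) tuples for one SiteScope installation."""
    findings = []
    for rel, (formats, private) in EXPECTED.items():
        path = Path(home) / rel
        if not path.is_file():
            findings.append((rel, "absent"))
            continue
        fmt = detect_format(path)
        if fmt not in formats:
            findings.append((rel, f"format {fmt} not in {sorted(formats)}"))
        mode = path.stat().st_mode
        if os.name == "posix" and mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((rel, "writable by group or others"))
        if os.name == "posix" and private and mode & stat.S_IROTH:
            findings.append((rel, "private-key store readable by others"))
    return findings

if __name__ == "__main__":
    home = Path(sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp())
    if len(sys.argv) < 2:  # constructed demo: a 4-byte PKCS12-style header, not a real keystore
        (home / "templates.certificates").mkdir()
        (home / "templates.certificates/serverTrustStore").write_bytes(b"\x30\x82\x0a\x00")
    for rel, issue in audit(home):
        print(f"{rel}: {issue}")
```

Pass the SiteScope installation directory as the first argument; with no argument the script runs against a constructed demo tree. An "absent" result is expected for stores whose feature (SSL, client authentication, BSM integration) is not configured.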