Integration Runtimes Secured Communication

Learn how to configure runtimes to exchange data in a secured way.

Set Up Secured Communication for Deploy Anywhere Assets

You can set up the deploy anywhere assets to utilize Secure Sockets Layer (SSL) or Transport Layer Security (TLS) for secure communication through keystores and truststores. A keystore is a secure location for storing private keys and their corresponding digital certificates, allowing services to authenticate during transactions. In contrast, a truststore contains public certificates from trusted sources, enabling services to verify the authenticity of the certificates they receive.

Administrator privileges are required to configure the keystores and truststores that facilitate secure communication and maintain data integrity.

You can import and manage certificates for deployment to deploy anywhere assets on the Runtimes page. Certificates can be organized into logical security stores. One store can be designated as the default store, and is provisioned to all runtimes.

Note
To set up keystores and truststores for assets other than deploy anywhere assets, see Certificates.

The process of configuring certificates for deploy anywhere assets is as follows:

Access Stores and Certificates

From the navigation bar, click User Profile > Settings > Key/Certificate > Runtimes. The stores configured for deploy anywhere assets in your tenant appear, if any. The following details are listed:

Add New Stores

  1. Go to User Profile > Settings > Key/Certificate > Runtimes. The stores configured for the runtimes in your tenant appear.

  2. Click New. The Add new store dialog box appears.

  3. Enter the store name in the New store name field.

  4. Click Next. The <Storename> page appears.

    The Identify section displays the keystore details and lists all keys and certificates in tabular format.
    The Trust section displays the truststore details and lists all trusted certificates in tabular format.

  5. To import certificates, do the following:

    The substeps in this step apply to both the Identify and Trust certificates.

    a. Go to the Identify section to add certificates or import existing keystores, or
    go to the Trust section to add certificates or import existing truststores.

    b. Click Add > Import Certificate. The Import Certificate dialog box appears.

    c. Enter an alias name.

    d. Click Browse and select the certificate that must be imported.

    e. Click Save. The certificate is imported and listed under the respective section.

  6. To import a keystore, follow the instructions in the Keystore section.

    The Name and Description fields are not available for deploy anywhere assets.

  7. To import a truststore, follow the instructions in the Truststore section.

    The Name and Description fields are not available for deploy anywhere assets.

    Sample Store Screen after adding keys and certificates

  8. Click Done after adding all certificates. The store is listed on the Runtimes page. If there were no stores before you added this one, it is automatically chosen as the default store. Otherwise, you can set a default store; see Set up Default Stores.
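
A pre-import check for step 5, added here as an example and not part of the product or its documentation: it reads a PEM file and reports whether it holds identity material (a private key with its certificate) for the keystore, or public certificates only for the truststore. It assumes the files are PEM-encoded; the function names and the sample data are constructed for illustration.

```python
import base64
import re

# PEM armor (RFC 7468): -----BEGIN <label>----- base64 body -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)
PRIVATE_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
                  "ENCRYPTED PRIVATE KEY"}


def pem_labels(text):
    """Return the label of every well-formed PEM block found in text."""
    labels = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            continue  # armor present but the body is not base64: skip the block
        labels.append(label)
    return labels


def target_section(text):
    """Classify a PEM file as 'keystore', 'truststore' or 'reject'."""
    labels = pem_labels(text)
    has_key = any(lab in PRIVATE_LABELS for lab in labels)
    has_cert = "CERTIFICATE" in labels
    if has_key and has_cert:
        return "keystore"    # private key plus certificate: identity material
    if has_cert:
        return "truststore"  # public certificates only
    return "reject"          # lone private key, or nothing recognisable


def _pem(label, payload):
    """Build a constructed PEM block (hypothetical helper, sample data only)."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed samples: the payloads are placeholders, not real DER or key data.
SAMPLE_CERT = _pem("CERTIFICATE", b"constructed placeholder, not real DER")
SAMPLE_KEY = _pem("PRIVATE KEY", b"constructed placeholder, not a real key")

if __name__ == "__main__":
    for name, data in [("cert only", SAMPLE_CERT),
                       ("key + cert", SAMPLE_KEY + SAMPLE_CERT),
                       ("key only", SAMPLE_KEY)]:
        print(f"{name}: {target_section(data)}")
```

A file classified as keystore contains a private key and should never be imported in the Trust section.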

Set up Default Stores

If you are setting up a store for the first time, it is automatically treated as the default store. If multiple stores are available, you can make any custom store the default store. However, there can only be one default store.

  1. Go to User Profile > Settings > Key/Certificate > Runtimes. The stores configured in this tenant appear.

  2. Select the radio button before the name of the store that you want to make the default. A warning message appears.

  3. Click Update default. The selected store is updated as the default store whenever the deploy anywhere assets are synchronized or the runtime restarts.
    The Identify store and truststore of the default store are available under the aliases DEFAULT_IS_KEYSTORE and DEFAULT_IS_TRUSTSTORE.

Use Stores in Deploy Anywhere Assets

Perform the following steps for SSL accounts imported from Git:

  1. Go to the respective Runtime’s Dashboard > Connections. Or,
     go to the <your project> > Connectors > Deploy Anywhere > Manage Runtimes page.

  2. Click Edit for the connection whose key and certificate details you want to update.

  3. Provide the certificate details in the keystore and truststore fields:

    • TrustStore Alias/FilePath: Type DEFAULT_IS_TRUSTSTORE. This value is mandatory.

    • TrustStore Password: Password for the truststore file. You can copy the password from the Store page.

    • KeyStore Alias/FilePath: Type DEFAULT_IS_KEYSTORE. This value is mandatory.

    • KeyStore Password: Password for the keystore file. You can copy the password from the Store page.

  4. Click Save connection. The details are updated. From now on, this connection uses the configured certificates for secured communication.