Integration Runtimes Secured Communication
Learn how to configure runtimes to exchange data in a secured way.
You can set up the deploy anywhere assets to utilize Secure Sockets Layer (SSL) or Transport Layer Security (TLS) for secure communication through keystores and truststores. A keystore is a secure location for storing private keys and their corresponding digital certificates, allowing services to authenticate during transactions. In contrast, a truststore contains public certificates from trusted sources, enabling services to verify the authenticity of the certificates they receive.
Administrator privileges are required to configure the keystores and truststores that facilitate secure communication and maintain data integrity.
You can import and manage certificates for deployment to deploy anywhere assets on the Runtimes page. Certificates can be organized into logical security stores. One store can be designated as the default store, and is provisioned to all runtimes.
The process of configuring certificates for deploy anywhere assets is as follows:
From the navigation bar, click User Profile > Settings > Key/Certificate > Runtimes. The stores configured for deploy anywhere assets in your tenant appear, if any. The following details are listed:
Name: Name of the store. This store contains both the keystore and truststore files.
Status: Indicates whether all the certificates and keys are valid or not. If the status is invalid, you can delete and add a new valid key or certificate.
Actions: Lists the various operations you can perform on the store.
Edit: Allows you to add or remove the certificates or keys in a store. You can follow the steps mentioned in Adding New Stores after clicking the Edit button.
Delete: Allows you to delete the store. Be careful when deleting a store, as it may be in use by other deploy anywhere assets.
Go to User Profile > Settings > Key/Certificate > Runtimes. The stores configured for the runtimes in your tenant appear.
Click New. The Add new store dialog box appears.
Enter the store name in the New store name field.
Click Next. The <Storename> page appears.
The Identify section displays the keystore details and lists all keys and certificates in tabular format.
The Trust section displays the truststore details and lists all trusted certificates in tabular format.
To import certificates, do the following:
The substeps in this step apply to both the Identify and Trust certificates.
a. Go to the Identify section to add certificates or import existing keystores. Or,
go to the Trust section to add certificates or import existing truststores.
b. Click Add > Import Certificate: The Import Certificate dialog box appears.
c. Enter an alias name.
d. Click Browse and select the certificate that must be imported.
e. Click Save. The certificate is imported and listed under the respective section.
To import a keystore, follow the instructions in the Keystore section.
The Name and Description fields are not available for deploy anywhere assets.
To import a truststore, follow the instructions in the Truststore section.
The Name and Description fields are not available for deploy anywhere assets.
Sample Store Screen after adding keys and certificates
Click Done after adding all certificates. The store is listed in the Runtimes page. If there are no stores and you have added a store, then it is automatically chosen as the default store. Otherwise, you can set a default store; see Set up Default Stores.
If you are setting up a store for the first time, then it is automatically treated as the default store. If multiple stores are available, then you can make any custom store the default store. However, there can only be one default store.
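A pre-import check you can run locally before uploading files to the Identify or Trust section (added example, not part of the product documentation). It assumes PEM-encoded files and the openssl CLI; the file names, the CN and the 30-day threshold are constructed for illustration.

```shell
#!/bin/sh
# Added example: local checks on a certificate and its private key before import.
# Assumptions: PEM files, openssl on PATH; names and thresholds are illustrative.

# Succeeds if the certificate in $1 is still valid $2 days from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeeds if private key $2 belongs to certificate $1 (same public key).
# Returns 2 if either file cannot be parsed, so a parse error is never a match.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample material: self-signed cert $1 and key $2, valid for $3 days.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$3" \
    -subj "/CN=runtime.example.test" -keyout "$2" -out "$1" 2>/dev/null
}

# Demo on constructed files: one short-lived pair and one unrelated pair.
tmp=$(mktemp -d)
make_sample "$tmp/server.crt" "$tmp/server.key" 1
make_sample "$tmp/other.crt" "$tmp/other.key" 365

cert_valid_for_days "$tmp/server.crt" 30 ||
  echo "server.crt expires within 30 days: replace it before import"
key_matches_cert "$tmp/server.crt" "$tmp/server.key" &&
  echo "server.key matches server.crt: suitable as a keystore pair"
key_matches_cert "$tmp/other.crt" "$tmp/server.key" ||
  echo "server.key does not match other.crt: do not pair them in a keystore"
```
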
Go to User Profile > Settings > Key/Certificate > Runtimes. The stores configured in this tenant appear.
Select the radio button before the name of the store that you want to make the default. A warning message appears.
Click Update default. The selected store is updated as the default store whenever the deploy anywhere assets are synchronized or the runtime restarts.
The Identify store and truststore of the default store are available as DEFAULT_IS_KEYSTORE and DEFAULT_IS_TRUSTSTORE in the aliases.
Perform the following steps for SSL accounts imported from Git:
Go to the respective runtime's Dashboard > Connections. Or,
go to <your project> > Connectors > Deploy Anywhere > Manage Runtimes page.
Click Edit for the connection whose key and certificate details you want to update.
Provide the certificate details in the keystore and truststore fields:
TrustStore Alias/FilePath: Type DEFAULT_IS_TRUSTSTORE. This is the mandatory value.
TrustStore Password: Password for the truststore file. You can copy the password from the Store page.
KeyStore Alias/FilePath: Type DEFAULT_IS_KEYSTORE. This is the mandatory value.
KeyStore Password: Password for the keystore file. You can copy the password from the Store page.
Click Save connection. The details are updated. From now on, this connection uses the configured certificates for secured communication.