Daily Archives: September 10, 2018

Sitescope Keystores

  1. Key management        – used to hold persistency encryption key.
  2. SiteScope Trust Store – used for SSL communication (CACERTS), certification autorities we trust to tell us the real identity of outgoing connections (SSL).
  3. Server Key Store         – Used by SiS server to be identified by SiS clients as trust SiS server.
  1. Monitors flow (outgoing SSL connections):
    SITESCOPE_HOME_DIR/java/lib/security/cacerts – SiteScope trust store (converted to PKSC12 format when using monitors for outgoing SSL connections)
  2. SiteScope server configured to SSL (ingoing SSL connections):
    SITESCOPE_HOME_DIR/groups/serverKeystore (in FIPS mode created in PKSC12 format)
  3. SiteScope server configured to SSL + client authentication\CAC (ingoing SSL connections):
    SITESCOPE_HOME_DIR/templates.certificates/serverTrustStore (JKS format)
  4. SiteScope API configuration (SiteScope server configured to SSL + client authentication):
    SITESCOPE_HOME_DIR/groups/serverKeystore (in FIPS mode created in PKSC12 format)
    SITESCOPE_HOME_DIR/templates.certificates/serverTrustStore (JKS format)
    SITESCOPE_HOME_DIR/java/lib/security/cacerts (JKS format)
    Client KeyStore and TrustStore for SiteScope API usage:
    SCRIPT_HOME/API_Configuration/clientTrustStore (JKS format)
    SCRIPT_HOME/API_Configuration/clientKeyStore (JKS format)
  5. SiteScope client certificate authentication for BSM integration:
    SITESCOPE_HOME_DIR/templates.certificates/BSMClientKeystore (JKS format)
Advertisements