Certificate Management
DDF uses certificates in two distinct ways:
- Transmitting and receiving encrypted messages.
- Authenticating incoming user requests.
This page details general management operations of using certificates in DDF.
Default Certificates
DDF comes with a number of default keystores that contain certificates. The keystores are used for different services and have different hostnames to denote the services they are being used for.
| Alias | Keystore | Truststore | Configuration Location | Usage |
|---|---|---|---|---|
| server | serverKeystore.jks | serverTruststore.jks | File: etc/org.ops4j.pax.web.cfg; File: etc/ws-security/server/encryption.properties; File: etc/ws-security/server/signature.properties | Used to secure (SSL) all of the endpoints for DDF. This includes the admin console and any other web service hosted by DDF. |
| client | clientKeystore.jks | clientTruststore.jks | Web Console: Platform Global Configuration; File: etc/ws-security/client/encryption.properties; File: etc/ws-security/client/signature.properties | Used for performing outgoing SSL requests. Examples include sending requests to federated sites and verifying tickets with CAS. |
| tokenissuer | stsKeystore.jks | stsTruststore.jks | File: etc/ws-security/issuer/encryption.properties; File: etc/ws-security/issuer/signature.properties | Used to sign STS SAML assertions. |
File Management
File management deals with creating and configuring the files that contain the certificates. In DDF these files are generally Java Keystores (jks) and Certificate Revocation Lists (crl). This page gives commands and tools that can be used to perform these operations.
Configuration Management
Configuration management deals with configuring DDF to use already created certificates and defining configuration options for the system. This includes configuring certificate revocation and keystores.