Importing external certificates into a Pega Keystore

From PegaWiki


Description: How to import external certificates into a Pega Keystore
Version: as of 8.1
Application: Pega Platform
Capability/Industry Area: Security

Web applications that serve content over HTTPS can require both the client and the server to be trusted. Frequently, the private keys issued to the client system are required to encrypt and authenticate the transported content.

Pega Platform uses the Keystore rule, Data-Admin-Security-Keystore, to store the certificates or private keys issued to the client party. However, Pega Platform often also needs the certificates issued by trusted Certificate Authorities (CAs) to be stored on the client system. The TrustManager validates these certificates when Pega Platform connects to the external system from a Connector rule or a Web-Security Authentication profile.

This article explains how to save the certificates of an external website, for example a Credit Bureau test environment, to Pega Platform as a Keystore instance built with the Keystore Explorer application, and how to reference that instance from the Truststore field of a Connector rule.

Steps to copy all the intermediate and/or root certificates locally

  1. Hit the endpoint directly from the browser. If the browser shows a message that this website is not trusted, import the private certificate into the current user/local machine store.
  2. Click the Site Info lock icon and open the certificate information.
  3. Navigate to the Certification Path tab and select the root certificate.
  4. Click View certificate.
  5. In Details, click Copy to File to copy the contents of the certificate.
  6. Using the export wizard, save the .cer file to your local machine.
  7. Repeat steps 4 to 5 to copy all intermediate certificates, if the root certificate is self-signed.
  8. Use the Keystore Explorer application to create a new Java Keystore that comprises all of the certificates saved above.
  9. Save the generated Keystore file to your local machine.
  10. Upload the generated Keystore file to Pega Platform as an instance of Data-Admin-Security-Keystore and reference it in the Security settings (Truststore) section of a Connector rule.
[Figure: Copy certificate contents from an external website]
[Figure: Certificate export wizard]
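The browser and Keystore Explorer steps above can also be done from the command line, which is easier to repeat for several environments and leaves an auditable record of exactly which CA certificates went into the truststore. The script below is an added example and is not from the PegaWiki page or from Pega; it assumes openssl and the JDK keytool are on the PATH, that the endpoint (host:port) is reachable, and that the server sends its own certificate first in the chain, as TLS requires. The truststore type (PKCS12) and the file names chain.pem, certs/ and truststore.p12 are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the PegaWiki page): command-line equivalent of the
# browser + Keystore Explorer procedure, using openssl and the JDK keytool.
# Assumptions: openssl and keytool are on PATH; host:port is reachable.
set -eu

# Steps 1-2 equivalent: fetch the full chain the server presents and keep
# only the PEM certificate blocks. Prints the name of the bundle written.
fetch_chain() {
    host_port=$1
    out=${2:-chain.pem}
    # </dev/null ends the TLS session at once; -servername sets SNI.
    openssl s_client -connect "$host_port" -servername "${host_port%%:*}" \
        -showcerts </dev/null 2>/dev/null \
        | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > "$out"
    echo "$out"
}

# Steps 3-7 equivalent: split a PEM bundle into cert-0.cer, cert-1.cer, ...
# (cert-0 is the server's own certificate). Prints how many were written.
split_chain() {
    bundle=$1
    dir=${2:-.}
    awk -v dir="$dir" '
        /-----BEGIN CERTIFICATE-----/ { f = sprintf("%s/cert-%d.cer", dir, n); n++ }
        f { print > f }
        /-----END CERTIFICATE-----/ { close(f); f = "" }
        END { print n + 0 }
    ' "$bundle"
}

# Show subject and issuer of each exported certificate. A certificate whose
# subject equals its issuer is the self-signed root at the top of the
# Certification Path; everything between it and cert-0 is an intermediate.
describe_certs() {
    for f in "$1"/cert-*.cer; do
        subj=$(openssl x509 -in "$f" -noout -subject)
        iss=$(openssl x509 -in "$f" -noout -issuer)
        kind=intermediate
        [ "${subj#subject=}" = "${iss#issuer=}" ] && kind="self-signed root"
        echo "$f: $kind"
        echo "    $subj"
        echo "    $iss"
    done
}

# Steps 8-9 equivalent: import every CA certificate (root and intermediates,
# not the server's leaf cert-0) into a PKCS12 truststore. The resulting file
# is what step 10 uploads as a Data-Admin-Security-Keystore instance.
build_truststore() {
    dir=$1
    store=$2
    pass=$3
    for f in "$dir"/cert-*.cer; do
        [ "$f" = "$dir/cert-0.cer" ] && continue   # leaf is not a trust anchor
        alias=$(basename "$f" .cer)
        keytool -importcert -noprompt -alias "$alias" -file "$f" \
            -keystore "$store" -storetype PKCS12 -storepass "$pass"
    done
    # Final check: list the aliases actually stored before uploading.
    keytool -list -keystore "$store" -storepass "$pass"
}

# Usage: sh import_chain.sh host:port [truststore.p12] [password]
if [ $# -ge 1 ]; then
    bundle=$(fetch_chain "$1" chain.pem)
    mkdir -p certs
    count=$(split_chain "$bundle" certs)
    echo "exported $count certificate(s) from $1"
    describe_certs certs
    build_truststore certs "${2:-truststore.p12}" "${3:-changeit}"
fi
```

Run it as `sh import_chain.sh bureau-test.example.invalid:443 truststore.p12 'your-password'` (placeholder host). The describe_certs output is the check worth doing before the upload: the truststore should contain only the CA certificates that issued the endpoint's certificate, and if the chain the server sends is incomplete (no self-signed root listed), the missing root has to be obtained from the CA rather than from the connection itself.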