Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Generate

...

KeyStore

To set up a keystore for tia core you have to use the kgs create-keystore tool.

...

Check if your java version ist set up correctly.

Code Block
java -version

the The output should look like the following screenshot

...

View file
namekgs-create-keystore-1.5.0.jar

Navigate to the directory path where you have downloaded the kgs create-keystore tool and open powershell or terminal

...

One keystore file and one vault file. do Do not try to rename one of these generated files.

Both files should be provided to the tia Content Server according to the configuration specified in your tia contntserver repository.cfg. The vault file is used by tia core to read the password to having access to the keystore.

Import a password

This password is used to store passwords in combination with alias in case of encryption service or access to blob storages (Azure, Amazon etc.) or anything else.

Caution: please use a java version that is newer or equal to the java version used in your tia Content Server instance.

Code Block
keytool -importpass -storetype pkcs12 -alias <aliasName> -keystore <Keystorename> -storepass <key<key>

With this command keytool asks for the password and store it in the keystore. Use the alias in repository.cfg for secret information like passwords, connectionstrings or encryption keys.

List all entries

if you want to know which entries are contained in your existing keystore, please use the following command

Code Block
keytool -list -storetype pkcs12 -keystore <Keystorename> -storepass <key>

example → 1 entry with alias webserver

...

Provide keystore to the tia contentserver

modify your repository.cfg as follows

Code Block
T1.keystoreservice.type = pkcs12
T1.keystoreservice.pkcs12.name = <keystorename>
T1.keystoreservice.pkcs12.path = C://<path-to-your-keystore>//

restart the tia contentserver service and check the repository status in the tia web ui

...

as of now, you can send certificates to the contentserver and view them via the tia web ui

...

shown certificate details

...