Generate KeyStore
To set up a keystore for tia core you have to use the kgs create-keystore tool.
Caution: please use a java version that is newer or equal to the java version used in your tia Content Server instance.
Check if your java version ist set up correctly.
java -version
The output should look like the following screenshot
Navigate to the directory path where you have downloaded the kgs create-keystore tool and open powershell or terminal
java -jar kgs-create-keystore-1.5.0.jar <keystorename> <keystorepassword>
After executing the create-keystore tool there should be two generated files.
One keystore file and one vault file. Do not try to rename one of these generated files.
Both files should be provided to the tia Content Server according to the configuration specified in your tia contntserver repository.cfg. The vault file is used by tia core to read the password to having access to the keystore.
Import a password
This password is used to store passwords in combination with alias in case of encryption service or access to blob storages (Azure, Amazon etc.) or anything else.
Caution: please use a java version that is newer or equal to the java version used in your tia Content Server instance.
keytool -importpass -storetype pkcs12 -alias <aliasName> -keystore <Keystorename> -storepass <key>
With this command keytool asks for the password and store it in the keystore. Use the alias in repository.cfg for secret information like passwords, connectionstrings or encryption keys.
List all entries
if you want to know which entries are contained in your existing keystore, please use the following command
keytool -list -storetype pkcs12 -keystore <Keystorename> -storepass <key>
example → 1 entry with alias webserver
Provide keystore to the tia contentserver
modify your repository.cfg as follows
T1.keystoreservice.type = pkcs12 T1.keystoreservice.pkcs12.name = <keystorename> T1.keystoreservice.pkcs12.path = C:/<path-to-your-keystore>/
restart the tia contentserver service and check the repository status in the tia web ui
as of now, you can send certificates to the contentserver and view them via the tia web ui
shown certificate details