Generate KeyStore

To set up a keystore for tia core you have to use the kgs create-keystore tool.

Caution: please use a java version that is newer or equal to the java version used in your tia Content Server instance.

check if your java version ist set up correctly.

java -version

the output should look like the following screenshot

Navigate to the directory path where you have downloaded the kgs create-keystore tool and open powershell or terminal

java -jar kgs-create-keystore-1.5.0.jar <keystorename> <keystorepassword>

After executing the create-keystore tool there should be two generated files.

One keystore file and one vault file. do not try to rename one of these generated files.

Both files should be provided to the tia Content Server according to the configuration specified in your tia contntserver repository.cfg.

Import a password

Caution: please use a java version that is newer or equal to the java version used in your tia Content Server instance.

keytool -importpass -storetype pkcs12 -alias <aliasName> -keystore <Keystorename> -storepass <key>

With this command keytool asks for the password and store it in the keystore. Use the alias in repository.cfg for secret information like passwords, connectionstrings or encryption keys.

List all entries

if you want to know which entries are contained in your existing keystore, please use the following command

keytool -list -storetype pkcs12 -keystore <Keystorename> -storepass <key>

example → 1 entry with alias webserver

Provide keystore to the tia contentserver

modify your repository.cfg as follows

T1.keystoreservice.type = pkcs12
T1.keystoreservice.pkcs12.name = <keystorename>
T1.keystoreservice.pkcs12.path = C:/<path-to-your-keystore>/

restart the tia contentserver service and check the repository status in the tia web ui

as of now, you can send certificates to the contentserver and view them via the tia web ui

shown certificate details