Keystores

A keystore is a file that contains keys and certificates that you use for encryption, authentication, and serving content over HTTPS. In Pega Platform, you create a keystore data instance that points to a keystore file.

You can reference keystore data instances in the Keystore and Truststore fields for record types such as Web Services (WS) Security Profile data instances and REST connectors.

You source a keystore from a data page, a URL, a keystore management service, or an external file. The keystore source determines which of the standard formats are available: JKS, JWK, PKCS12, KEYTAB, or KEY.

Pega Platform includes several keystore examples, such as BoxComTrust.
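To make the JKS format listed above concrete, here is an added example (Python, not Pega or JDK code) that writes a trusted-certificate JKS file, verifies its integrity digest, and parses the entries back. It follows the version-2 layout the JDK's JavaKeyStore class produces: magic 0xFEEDFEED, version, entry count, the entries, then a 20-byte SHA-1 digest over the store password as UTF-16BE, the constant string "Mighty Aphrodite", and every preceding byte of the file. The alias, timestamp, password and certificate bytes are constructed placeholders; the DER blob is not a real X.509 certificate.

```python
# Added example (not Pega or JDK code): write, verify and parse a JKS keystore file.
import hashlib
import hmac
import struct

JKS_MAGIC, JKS_VERSION = 0xFEEDFEED, 2
TAG_PRIVATE_KEY, TAG_TRUSTED_CERT = 1, 2
JKS_DIGEST_SALT = b"Mighty Aphrodite"  # constant the JDK mixes into the store digest
DIGEST_LEN = 20  # SHA-1 output length

def _java_utf(s):
    """DataOutputStream.writeUTF: 2-byte length + modified UTF-8 (same as UTF-8 for ASCII)."""
    b = s.encode("utf-8")
    return struct.pack(">H", len(b)) + b

def _integrity_digest(password, body):
    """SHA-1(password as UTF-16BE || salt || every byte of the file before the digest)."""
    h = hashlib.sha1()
    h.update(password.encode("utf-16-be"))
    h.update(JKS_DIGEST_SALT)
    h.update(body)
    return h.digest()

def write_jks(trusted_certs, password):
    """Serialise trusted-certificate entries given as (alias, timestamp_ms, der_bytes)."""
    body = struct.pack(">III", JKS_MAGIC, JKS_VERSION, len(trusted_certs))
    for alias, timestamp_ms, der in trusted_certs:
        body += struct.pack(">I", TAG_TRUSTED_CERT) + _java_utf(alias)
        body += struct.pack(">Q", timestamp_ms) + _java_utf("X.509")
        body += struct.pack(">I", len(der)) + der
    return body + _integrity_digest(password, body)

class _Cursor:
    """Bounds-checked big-endian reader over the store body."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated keystore")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def u32(self):
        return struct.unpack(">I", self.take(4))[0]

    def u64(self):
        return struct.unpack(">Q", self.take(8))[0]

    def utf(self):
        return self.take(struct.unpack(">H", self.take(2))[0]).decode("utf-8")

    def blob(self):
        return self.take(self.u32())

def read_jks(data, password):
    """Check the digest first, then parse. Any ValueError means: do not trust this store."""
    if len(data) < 12 + DIGEST_LEN:
        raise ValueError("truncated keystore")
    body, digest = data[:-DIGEST_LEN], data[-DIGEST_LEN:]
    # A mismatch cannot distinguish a wrong password from a modified file.
    if not hmac.compare_digest(digest, _integrity_digest(password, body)):
        raise ValueError("keystore was tampered with, or password was incorrect")
    c = _Cursor(body)
    if c.u32() != JKS_MAGIC or c.u32() != JKS_VERSION:
        raise ValueError("not a version 2 JKS file")
    entries = []
    for _ in range(c.u32()):
        tag, alias, ts = c.u32(), c.utf(), c.u64()
        if tag == TAG_TRUSTED_CERT:
            entries.append({"alias": alias, "timestamp_ms": ts, "kind": "trusted_cert",
                            "cert_type": c.utf(), "cert": c.blob()})
        elif tag == TAG_PRIVATE_KEY:
            # PKCS#8 EncryptedPrivateKeyInfo under the JDK's proprietary cipher; kept opaque here.
            enc_key = c.blob()
            chain = [(c.utf(), c.blob()) for _ in range(c.u32())]
            entries.append({"alias": alias, "timestamp_ms": ts, "kind": "private_key",
                            "encrypted_key": enc_key, "chain": chain})
        else:
            raise ValueError("unknown entry tag %d" % tag)
    if c.pos != len(body):
        raise ValueError("trailing data after last entry")
    return entries

# Constructed placeholder standing in for a DER certificate; not a real X.509 certificate.
FAKE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])
STORE_PASSWORD = "changeit"  # placeholder password for the demo store

def demo_store():
    return write_jks([("example-ca", 1700000000000, FAKE_DER)], STORE_PASSWORD)

def demo_tampered():
    """Same store with one certificate byte flipped and the old digest left in place."""
    store = bytearray(demo_store())
    store[-DIGEST_LEN - 1] ^= 0x01
    return bytes(store)

if __name__ == "__main__":
    print(read_jks(demo_store(), STORE_PASSWORD))
    for data, pw in ((demo_tampered(), STORE_PASSWORD), (demo_store(), "wrong-password")):
        try:
            read_jks(data, pw)
        except ValueError as exc:
            print("rejected:", exc)
```

The practical point: the password on a JKS file only keys an integrity digest with a fixed salt, so it is cheap to brute-force offline, certificates sit in the file in the clear, and private keys are protected separately by the JDK's proprietary cipher. That is why PKCS12 is the better choice wherever the keystore source lets you pick a format, and why a store that fails the digest check should be treated as tampered rather than simply mistyped.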

  • Creating a keystore for application data encryption

    Create a keystore instance for your keystore file, which contains the keys and certificates that are used, for example, to support Web Services Security and outbound email security.

  • Creating a data page activity for a keystore

    To configure a keystore with a data page reference, you must create the activity that loads the keystore into the data page. You can create the activity by clicking the Add icon on the data page Definition tab.

  • Changing the default keystore caching settings

    You can change the values of the KeyStoreCacheExpireTime and KeyStoreCacheSize settings to control how often the keystore cache is refreshed and to restrict its size. Lower values use less memory but cost more processing, because keystores are evicted and reloaded from their source more often.

  • Importing an X.509 certificate

    You can import the X.509 certificates held in keystore instances of type JKS or PKCS12. The imported certificates become active without a server restart.

  • Encrypting application data by using a custom key management service

    You can encrypt application data by using an encryption key that is sourced from a custom key management service that is accessed from a data page. You source a key in this way when you use a key management service that is not one of the supported keystore platforms.

  • Encrypting system data by using a custom key management service

    You can encrypt system data by using an encryption key that is sourced from a custom key management service that is accessed from a data page. You source a key in this way when you use a key management service that is not one of the supported keystore platforms.
