Certificate Management
The Security section lists the keys (public and private) of the server trust store and allows you to add keys to, or remove keys from, the server trust store. The section also allows you to define strength rules for login passwords to enhance security.
Public and private keys
Adding Partner's Public Key
from Keystore
- Click the Add Partner Public Key button.
- In the Public KeyStore Configuration section, provide the following:
- Add key From: Select the KeyStore option.
- Load File: Click the Select file button and add the Public Keystore file stored in the system.
- Alias Name: Select the name that populates in the drop-down after adding the Keystore file.
- New Alias Name: Provide a new alias name.
Click the Save button. After successful saving, details appear in the Public-Private keys list.
To remove a key from the list, click the Delete icon.
From Certificates
Perform the same actions as in the above section, but select the Certificate option under the Add Key From section.
Private Key Store Configuration
Adding Host-Key Pair
- Click the Add Partner Public Key to add the Public Key Store Configuration section.
- In the Public Key Store Configuration section, provide the following:
- Load Keystore File: Click the Select file button and add the Private Keystore file stored in the system.
- Alias Name: Select the name that populates in the drop-down after adding the Keystore file.
- New Alias Name: Provide a new alias name.
- Key Client Password: Password to authenticate the key.
Click the Save icon. After successful saving, details appear in the Public-Private keys section.
Setting TrustStore reload-time in Jetty Server Profile configuration
For new certificates to be reloaded into the server, the Trust Store reload time needs to be set.
The Jetty server running in the gateway server will be reloaded with new certificates within this interval.
To set the Trust Store reload time, perform the following actions:
- Open eStudio and open the Profile Management perspective.
- Open APIGateway Server profile.
- Go to APIGateway > Fiorano > APIGateway > Jetty > PeerAPIManagementJetty.
Set the TrustStoreReload time to the required time interval.
By default, the Truststore Reload time is set to 0, due to which the trust store does not load.
Password policies
This section allows administrators to define password strength and assign validation to enhance login security.
Adding a new rule
Click the Add button to add a new rule.
Rule Types
The two rule types, Strength and Validation, enhance password security and reduce the risk of unauthorized access.
Strength
Defines the complexity requirements that a password must meet to enhance security and prevent unauthorized access.
To ensure strength, it enforces conditions like:
- Minimum and maximum length
- Inclusion of uppercase and lowercase letters, numbers, and special characters
- Avoidance of common or weak passwords
- Use of passphrase-based authentication for enhanced security
Length Rule Class
Property | Description |
---|---|
Rule description | A short description of what the rule defines. |
Rule weight | |
Length rule type | |
Length | |
Match Rule Class
Property | Description |
---|---|
Rule description | A short description of what the rule defines. |
Rule weight | |
Match rule type | |
Rule string | |
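The following is an added example, not code from the product or its documentation: a small Python model of how Length and Match rules with weights could be evaluated against a candidate password. The rule-type values, the treatment of Rule string as a regular expression, the sample policy and the weighted score are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Field names mirror the properties in the tables above. The rule-type values,
# the regex interpretation of "Rule string" and the weighted score are
# assumptions for illustration, not the product's documented behaviour.

@dataclass
class LengthRule:
    description: str
    weight: int
    rule_type: str    # assumed values: "min" or "max"
    length: int

    def passes(self, password: str) -> bool:
        n = len(password)
        return n >= self.length if self.rule_type == "min" else n <= self.length

@dataclass
class MatchRule:
    description: str
    weight: int
    rule_type: str    # assumed values: "must_match" or "must_not_match"
    rule_string: str  # assumed to be a regular expression

    def passes(self, password: str) -> bool:
        found = re.search(self.rule_string, password) is not None
        return found if self.rule_type == "must_match" else not found

# Constructed sample policy covering the strength conditions listed above.
POLICY = [
    LengthRule("At least 12 characters", 3, "min", 12),
    LengthRule("At most 128 characters", 1, "max", 128),
    MatchRule("Contains an uppercase letter", 1, "must_match", r"[A-Z]"),
    MatchRule("Contains a lowercase letter", 1, "must_match", r"[a-z]"),
    MatchRule("Contains a digit", 1, "must_match", r"[0-9]"),
    MatchRule("Contains a special character", 1, "must_match", r"[^A-Za-z0-9]"),
    MatchRule("Not a common password", 3, "must_not_match",
              r"(?i)^(password|123456|qwerty|letmein)\d*!?$"),
]

def evaluate(password: str, policy=POLICY):
    """Return (score, max_score, descriptions of the rules that failed)."""
    failed = [r.description for r in policy if not r.passes(password)]
    total = sum(r.weight for r in policy)
    score = sum(r.weight for r in policy if r.passes(password))
    return score, total, failed

print(evaluate("Password1!"))  # constructed sample input
```

A password that satisfies every character-class rule can still fail the policy: the sample input passes the four inclusion rules but fails both the minimum-length rule and the common-password rule.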
Length
Imposes security policies governing the password lifecycle and user behavior, ensuring passwords are regularly updated, not reused, and safeguarded against unauthorized access.
Common validation rules include:
- Password expiration and mandatory updates after a set period
- Prevention of password reuse (password history enforcement)
- Account lockout after multiple failed login attempts
- Checks against breached or commonly used passwords
Property | Description |
---|---|
Rule class | |
Rule description | A short description of what the rule defines. |
Match/Length rule type | |
Rule String | |
Deleting a rule
Select the rule that needs to be removed and click the Delete button, which is enabled on selection.