...

[Gliffy diagram: trusts_merger_flow]

  • Back up the first provided truststore (e.g. by adding the extension .bak).
  • Open the first truststore.
      • If it is not PEM, read all aliases and put them in a unique list.
      • Keep it open, as all other trust anchors will be added to this truststore.
  • For every other provided truststore:
      • Open it (on a read error or an incorrect password, exit with an error code).
      • If it is not PEM:
          • If the destination format is not PEM:
              • Read all aliases.
              • If any alias conflicts with one already in the unique list, cancel the operation and exit with an error code.
              • If there are no conflicts, proceed.
          • Convert to the destination format if needed, e.g. PEM to Java certificate or vice versa.
          • Put every entry into the first truststore (duplicates are not a concern: the same certificate can be saved multiple times under different aliases; need to check whether keytool allows that (warning)).
      • If it is PEM:
          • Convert to the destination format if needed, e.g. PEM to Java certificate or vice versa.
          • If the destination format is not PEM:
              • Generate aliases according to the policy (warning) and make sure they do not conflict with aliases from the unique list.
          • Put every entry into the first truststore (duplicates are not a concern: the same certificate can be saved multiple times under different aliases; need to check whether keytool allows that (warning)).
      • Close the truststore.


Policy to generate new aliases (warning):

Use pem-trusted-certificate- as the prefix, followed by $INDEX.

Save the first truststore.
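The alias handling from the flow above, as an added Java example (not the project's code): a keystore source is rejected on any alias conflict before anything is written, and PEM certificates get generated pem-trusted-certificate-$INDEX aliases. Assumptions: the class and method names are hypothetical, aliases are compared case-insensitively, the index starts at 0, and the sample trust anchors are borrowed from the JDK default trust store. It works on in-memory KeyStore objects; backup, file I/O and format conversion stay with the caller.

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.*;
import javax.net.ssl.*;

public class TruststoreMergeExample { // added illustration, not the project's code; names are hypothetical
    static final String PEM_PREFIX = "pem-trusted-certificate-"; // prefix from the page's alias policy
    // Keystore source: check every alias against the unique list first, so a conflict aborts before any write.
    static void mergeKeyStore(KeyStore dest, Set<String> known, KeyStore src) throws Exception {
        List<String> aliases = Collections.list(src.aliases());
        for (String a : aliases) if (known.contains(a)) throw new IllegalStateException("alias conflict: " + a);
        for (String a : aliases) {
            if (src.isCertificateEntry(a)) dest.setCertificateEntry(a, src.getCertificate(a)); // trust anchors only
            known.add(a);
        }
    }

    // PEM source: certificates carry no alias, so generate prefix + index and skip names already taken.
    static void mergePem(KeyStore dest, Set<String> known, List<? extends Certificate> certs) throws Exception {
        int index = 0; // assumption: the page only says $INDEX, not where it starts
        for (Certificate c : certs) {
            while (known.contains(PEM_PREFIX + index)) index++;
            dest.setCertificateEntry(PEM_PREFIX + index, c);
            known.add(PEM_PREFIX + index++);
        }
    }

    static KeyStore store(String alias, Certificate c) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // empty in-memory store
        ks.setCertificateEntry(alias, c);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: three trust anchors borrowed from the JDK's default trust store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        Certificate[] ca = ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
        KeyStore first = store("root-a", ca[0]);
        Set<String> known = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); // unique list, case-insensitive
        known.addAll(Collections.list(first.aliases()));
        mergeKeyStore(first, known, store("root-b", ca[1]));
        mergePem(first, known, List.of(ca[2]));
        System.out.println("merged aliases: " + Collections.list(first.aliases()));
        try { mergeKeyStore(first, known, store("ROOT-A", ca[2])); }
        catch (IllegalStateException e) { System.out.println("merge cancelled: " + e.getMessage()); }
    }
}
```

The last call reuses an existing alias in a different case and is cancelled with nothing written, which is the "cancel operation and exit with error code" branch of the flow.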

Option 2 (Adjust DCAE components to support two internal and external truststores and keystores)

...