Remote Keystore and Truststore

You can configure stages to load the contents of the keystore or truststore from a remote credential store or from values entered in the stage properties. The stage builds the keystore or truststore from the private key and certificates retrieved from the credential store or entered in the stage properties.

To provide a remote keystore or truststore, you select the Use Remote Keystore or Use Remote Truststore property after enabling SSL/TLS for the stage. You then configure the following properties:
Private key
The private key used in the remote keystore. Enter the key in one of the following ways:
  • Use a credential function to access the key defined in a credential store. For more information, see Using a Credential Store.
  • Enter the contents of the key in the property.
In Data Collector Edge pipelines, enter the contents of the key.
Certificates
Each PEM certificate used in the remote keystore or truststore. In simple or bulk edit mode, click the Add icon to add more certificates. For a keystore certificate chain, list the certificates in the order of the chain: the keystore certificate first and the CA certificate last.
Enter each certificate in one of the following ways:
  • Use a credential function to access the PEM certificate defined in a credential store. For more information, see Using a Credential Store.
  • Enter the contents of the PEM certificate in the property.
In Data Collector Edge pipelines, enter the contents of the certificate.
Algorithm
Data Collector uses the SunX509 key exchange algorithm by default. You can use any algorithm compatible with your keystore/truststore file that is supported by your JVM.
Not valid in Data Collector Edge pipelines. In Data Collector Edge pipelines, stages ignore the algorithm property for a keystore or truststore.
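
A pre-flight check for the Private key and Certificates properties described above, as an added example that is not part of the original documentation or of Data Collector. It uses the openssl CLI to confirm that the key belongs to the first certificate and that each certificate is issued by the one listed after it. The function name and file arguments are hypothetical, and it assumes an unencrypted key and one PEM object per file.

```sh
#!/bin/sh
# Added example (not Data Collector code). Hypothetical usage:
#   check_remote_keystore KEY.pem KEYSTORE_CERT.pem [INTERMEDIATE.pem ...] CA.pem
# Assumes the openssl CLI, an unencrypted key, and one PEM object per file.

check_remote_keystore() (
  # The body runs in a subshell, so 'exit' ends only this check.
  if [ "$#" -lt 2 ]; then
    echo "need a private key and at least one certificate" >&2
    exit 2
  fi
  key=$1; shift

  # Every listed entry must parse as an X.509 certificate.
  pos=0
  for cert in "$@"; do
    pos=$((pos + 1))
    openssl x509 -in "$cert" -noout 2>/dev/null ||
      { echo "entry $pos ($cert) is not a PEM certificate" >&2; exit 2; }
  done

  # The private key must belong to entry 1, the keystore certificate.
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
    { echo "cannot read private key $key" >&2; exit 2; }
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
  [ "$key_pub" = "$cert_pub" ] ||
    { echo "private key does not match entry 1 ($1)" >&2; exit 1; }

  # Each certificate's issuer name must equal the subject name of the next
  # entry. This compares names only; it does not verify signatures.
  pos=1; prev=$1; shift
  for cert in "$@"; do
    issuer=$(openssl x509 -in "$prev" -noout -issuer_hash)
    subject=$(openssl x509 -in "$cert" -noout -subject_hash)
    [ "$issuer" = "$subject" ] ||
      { echo "entry $pos is not issued by entry $((pos + 1))" >&2; exit 1; }
    prev=$cert; pos=$((pos + 1))
  done
  echo "ok: key matches entry 1; $pos certificate(s) in chain order"
)

# Run the check when the script is called with arguments.
if [ "$#" -gt 0 ]; then check_remote_keystore "$@"; fi
```

Exit status 1 means the key or the order is wrong, and 2 means an input could not be read as the expected PEM type.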