Skip to main content
Skip table of contents

Customer provided key pair configuration

This section describes the steps to take if you are replacing the HTTPS or DSP (Delphix Session Protocol) or stunnel-server with your own key pair and certificate. To start, you need to add the key pair and full certificate chain as an entry in a file in JKS or PKCS #12 format.

If replacing the key pair for the DSP application, note that when the DSP Server or Client authenticates each incoming DSP connection (if enabled), it will validate that each certificate of the incoming connection's identity chain has a "Valid From (or Not Before)" date that is after its own time.

Thus, if your Delphix Engine or host environments are running off of an incorrect (slow) time configuration, then your DSP connections will not work until the offending engine or host's time advances past all incoming certificate's "Valid From (or Not Before)" time.

If correcting the Delphix Engine's or host environment's time configuration may cause issues, then you can workaround this issue by creating and using a certificate with a "Valid From (or Not Before)" date which is before your slowest Engine or host.

  1. From the Network Security panel, select the Actions (...) menu, and select Replace Certificate

  2. In the Replace Certificate window, select Upload certificate as files

    1. The Certificate Alias field is where the key pair and certificate is saved in your JKS or PKCS #12 store.

    2. The Keystore Passcode field is the keystore’s password.

    3. The Key Pair Passcode field is the password for the given alias’ key. If not set, it uses the keystore's password.

  3. Click Next to view a summary. Then click Submit.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.