TrustStore settings

The TrustStore tab in the Network Security panel displays all the CA certificates that the Delphix Engine trusts. Click on the Actions (...) menu in the top right to reveal the options for editing the TrustStore contents:

Delphix Engine generates alerts when certificates in the Keystore or truststore are expired or about to expire:

• A warning level alert is generated if certificates are expiring in 60 days.

• Critical level alerts are generated if certificates expire in 14 days or have already expired.

The truststore is used for a variety of connections from the engine to external hosts, such as secure SMTP, and HTTPS proxy connections.

Adding a certificate

1. From the Actions menu select Add Certificate.

2. In the Add Certificate wizard paste the PEM contents of the CA certificate you want to add. The PEM contents must have the appropriate header and footer included.

3. If you are adding a non-root CA certificate, its signer must already exist in the truststore. So, if you are adding a chain with multiple certificates, you must add them individually starting from the root CA. If not, you will get an error saying that we could not establish a chain of trust.

4. Click Next to view a Summary tab where you can confirm the certificate contents.

5. Click Submit. 

Deleting a certificate

 Use this option to delete the selected CA certificate.

Deleting any certificate that breaks an existing chain of trust is not allowed.

1. From the Actions menu select  Delete Certificate .

2. The default Delphix CA cannot be deleted. Note that deleting any certificate that breaks an existing chain of trust is also not allowed.

3. In the Confirmation dialog select Delete.

   

Unlike the network security settings, any changes to the TrustStore will not require a stack restart.