Keystore and Truststore Configuration Parameters
To access the keystore and truststore configuration parameters for TDV and its data sources, select Administration > Configuration from the main Studio menu, and in the Configuration window navigate to:
Server > Communications
The following observations make it easier to understand the many keystore and truststore configuration parameters:
The values of keystore and truststore parameters are all locally defined (that is, by TDV instance). They are not altered when restoring a backup and are not replicated in a cluster.
Many of these parameters come in pairs ending with “Current” and “On Server Restart.” Changing the value of any “On Server Restart” parameter has no effect until the next server restart.
Trusted certificate entries in truststore files can have any number of bits.
The TDV Server configuration keystore key alias has a default value that names a sample keystore, so that TDV server can authenticate itself to sources and clients immediately upon installation.
The table below lists the keystore and truststore configuration parameters for the TDV server and its data sources.
Note: JDBC clients store SSL keys as values in JDBC parameters.
 
Parameter Name
Description
Keystore Key Alias (Server only; not Data Sources)
The alias name of the key entry used in SSL authentication to establish the identity of the server to external clients.
For TDV server authentication to data sources, this value is optional. If a value is set, the key entry corresponding to the provided alias is used for client authentication, regardless of the contents of the foreign server's truststore or the results of any security callbacks.
Keystore File Location
The location of the keystore file used in SSL authentication to establish the identity of the server to external clients. The keystore file must contain exactly one key entry (a private key/certificate pair). It can also contain certificate entries from trusted certificate authorities that are used to validate the certificates that are presented by external clients.
Keystore Password
The password of the keystore file. The entries within the file must use the same password.
Keystore File Type
The type of the keystore file. It must be a valid keystore type, such as JKS or PKCS12.
Truststore File Location
The location of the truststore file used in SSL authentication to decide which external clients the server should trust. The truststore file can contain certificates from trusted Certificate Authorities. These are used to validate the certificates that are presented by external clients.
The TDV JDBC client driver uses the client system’s truststore properties to validate the certificate:
javax.net.ssl.trustStore
javax.net.ssl.trustStorePassword
javax.net.ssl.trustStoreType
The TDV Server certificate must be added to this client’s truststore; otherwise, validation fails.
The placeholder TDV certificate does not work after the client system truststore is enabled, unless it is added to the client truststore.
Truststore Password
The password of the truststore file. The entries within the file must use the same password.
Truststore File Type
The type of the truststore file. Valid truststore types include JKS and PKCS12.
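The following is an added example, not part of the TDV product or its documentation. It checks a candidate keystore file against two requirements from the table above: the file contains exactly one key entry, and that entry is protected by the same password as the file. The class name KeystorePreflight and its command-line arguments are assumptions made for this illustration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Added example (not TDV code): checks a keystore file against the table above.
// Usage: java KeystorePreflight.java <keystore-file> <JKS|PKCS12>
public class KeystorePreflight {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive terminal): KeystorePreflight <file> <JKS|PKCS12>");
            System.exit(2);
        }
        // Prompt instead of taking the password as an argument, so it stays
        // out of the process list and shell history.
        char[] password = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password); // throws IOException on a wrong store password
        }

        List<String> keyAliases = new ArrayList<>();
        int trustedCerts = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) keyAliases.add(alias);
            else if (ks.isCertificateEntry(alias)) trustedCerts++;
        }
        System.out.println("Key entries: " + keyAliases + "; trusted certificates: " + trustedCerts);

        boolean ok = keyAliases.size() == 1; // exactly one private key/certificate pair
        if (!ok) System.err.println("FAIL: expected exactly 1 key entry, found " + keyAliases.size());
        for (String alias : keyAliases) {
            try {
                ks.getKey(alias, password); // entry password must equal the store password
            } catch (UnrecoverableKeyException e) {
                System.err.println("FAIL: entry '" + alias + "' is not protected by the store password");
                ok = false;
            }
        }
        Arrays.fill(password, '\0'); // wipe the password from memory
        System.exit(ok ? 0 : 1);
    }
}
```

The alias printed under "Key entries" is the value to compare with the Keystore Key Alias parameter. The exit status is 0 only when both checks pass.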