Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
The Trusted Certificate represents a trusted public key that may be used to verify credentials for digital signatures and public-key encryption. The public key is represented as an X.509v3 certificate. For example, when configured on an access token validator, it may be used to validate the signature of an incoming JWT access token before the product REST APIs consume the access token for Bearer token authentication.
↓Relations to This Component
↓Properties
↓dsconfig Usage
The following components have a direct aggregation relation to Trusted Certificates:
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
↓ certificate | None |
Description | The PEM-encoded X.509v3 certificate. |
Default Value | None |
Allowed Values | application/x-x509-server-cert |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
To list the configured Trusted Certificates:
dsconfig list-trusted-certificates [--property {propertyName}] ...
To view the configuration for an existing Trusted Certificate:
dsconfig get-trusted-certificate-prop --certificate-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Trusted Certificate:
dsconfig set-trusted-certificate-prop --certificate-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Trusted Certificate:
dsconfig create-trusted-certificate --certificate-name {name} --set certificate:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing Trusted Certificate:
dsconfig delete-trusted-certificate --certificate-name {name}