Trusted Certificate

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

The Trusted Certificate represents a trusted public key that may be used to verify credentials for digital signatures and public-key encryption. The public key is represented as an X.509v3 certificate. For example, when configured on an access token validator, it may be used to validate the signature of an incoming JWT access token before the product REST APIs consume the access token for Bearer token authentication.

Relations to This Component Properties dsconfig Usage

Relations to This Component

The following components have a direct aggregation relation to Trusted Certificates:

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
 certificate  None

Basic Properties

certificate

Description
The PEM-encoded X.509v3 certificate.
Default Value
None
Allowed Values
application/x-x509-server-cert
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Trusted Certificates:

dsconfig list-trusted-certificates
     [--property {propertyName}] ...

To view the configuration for an existing Trusted Certificate:

dsconfig get-trusted-certificate-prop
     --certificate-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Trusted Certificate:

dsconfig set-trusted-certificate-prop
     --certificate-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Trusted Certificate:

dsconfig create-trusted-certificate
     --certificate-name {name}
     --set certificate:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Trusted Certificate:

dsconfig delete-trusted-certificate
     --certificate-name {name}