The -> tab can be used to add, remove and update keystores that can be used for various security-based operations like WS-Security configuration for SOAP requests, SSL connection setup etc. Keystores are files that are used to store a set of keys and certificates. It usually contains two types of entries - Key entry, and , Certificate entry
The Key entry can in turn either be a Key Pair entry (i.e. a private and public asymmetric key pair, and optionally a chain of related certificates) or a secret key entry (symmetric key)
The following keystore file formats are supported -
-
JKS / JCEKS keystore format (.jks files)
-
PKCS#12 keystore format (.p12 files)
To manage keystores using Examine, you have to first upload it using the button in the Keystore Management tab. This will bring up the Import Keystore dialog as shown below. Note that since most keystores will be protected by a password, you should enter the keystore password to be able to create the keystore successfully.
Once the keystore as been uploaded successfully, the keystore contents will be displayed in a tree format as shown below:
The private key entries (such as 'client' and 'client2') are shown with the
key icon, while the public key entries that correspond to certificates are shown
with the certificate icon.
Clicking on the keystore name, displays the keystore details on the right side as shown below:
The following keystore operations are available from the details view:
- Delete
-
Delete the currently selected keystore from the system.
Note
For the delete operation to succeed, you have to ensure that this keystore is not used or referenced by any project. For e.g. if a keystore private key is used as the signing alias in a WS-Security configuration of a SOAP scenario, then trying to delete this keystore will result in an error like this:
Keystore is used by other resources. Try removing any associations to this keystore before deleting it. - Rename
-
Rename the currently selected keystore. This option can be useful if for e.g. you are trying to upload another keystore that has the same name but different set of key entries
- Change Password
-
This option can be used to change the keystore password. Note that you are not prompted for the old password
- Import Certificate
-
This option can be used to import a new X.509 certificate into the selected keystore. This is useful if you would like to add a new certificate to an already existing keystore after it has been created. Note that you specify a certificate entry alias for the new certificate that does not conflict with any existing key aliases. Click on the Browse button in the Upload X.509 Certificate dialog to upload a new valid certificate into this keystore under the given alias name.
- Download
-
This option can be used to download the keystore file back to your system at a later point if needed.
Private Key Entry operations
Clicking on the private key tree item displays the key entry details as shown below.
The following operations are available for the selected private key:
- Delete
-
Delete the current private key from this keystore.
Warning
Note that unlike deleting a referenced keystore, there is currently no check done when deleting a key and hence no error is thrown if the key is used elsewhere in some project.
- Export Key Pair
-
This option can be used to export the selected private key and its related public key from the keystore either in PKCS#12 file format or in PEM (base64-encoded) format as shown in the Export Key Pair dialog
- Export Certificate
-
This option can be used to export the private key entry's associated public key as an X.509 certificate in either DER (Binary) format or PEM (base64-encoded) format.
Public Key (Certificate) Entry operations
The Certificate Entry Details view is displayed when a public-key entry is clicked on the Keystore tree view.
The following operations are available for Certificate entries:
- Delete
-
Delete the currently selected public key entry from the keystore
- Export Certificate
-
This option is used to export the currently selected public key as an X.509 certificate in either DER (binary) or PEM (base64-encoded) format








Contents
Search
