Keystore Security

Apologies if this has been asked and answered and I've just not found the post.

Anyone know how I can see details of the security controls applied to a Keystore? I'm guessing that the contents are encrypted by default as opposed to KVM content but I can't find where this is documented or details of any other controls applied to the Keystore.

Thanks in advance

Regards

1 3 607
3 REPLIES 3

This is a great question Andrew! Apigee store keystores and keystore passwords in Cassandra securely (as I know this data is encrypted). Afterwards, Apigee Router talks to Cassandra and fetch that data and extract TLS certificate and key and write those to the filesystem and create a Nginx configuration file for each virtual host by specifying file paths of above files. After this point, TLS certificate and key will be available on Apigee Router filesystem.

Hi, Imesh!

Could you provide more details please? Are TLS certificate and key files stored securely on Router filesystem? Are they encrypted in any way? Thanks.

Some info..

If we are referring to virtual host enabling 2-way the vh/cert/key information goes to /opt/nginx/conf.d (on router).You can find .conf(for virtual host info), .cert for cert & .key for private key info.. Not encrypted though.