====== Keystore Management ======

  * This page allows administrators to manage the keystore used by the application.
  * It provides features to download and install certificates, generate self-signed certificates, and inspect the content of the application keystore.
  * The page is divided into two main tabs:
    * Install and download certificates
    * Keystore

{{:products:cockpit:1.0:userguide:administration:pasted:20251219-140638.png}}

===== Install and Download Certificates =====

==== Download Certificate ====

This section allows you to retrieve an SSL/TLS certificate from a remote server and install it into the application keystore.

=== Form Fields ===

  * **Host or IP**: The hostname or IP address of the remote server providing the certificate (**do not include HTTP or HTTPS schema**).
  * **Port**: Network port used by the remote server (typically 443 for HTTPS).
  * **Common Name or IP**: Expected Common Name (CN) or IP address that must match the certificate identity.

**After the certificate is downloaded and installed, an application restart is required for the changes to take effect.>**

----

==== Install a Self-Signed Certificate ====

This section allows the application to generate and install a self-signed certificate.

  * Click the **Install self-signed certificate** button.
  * Enter the Common Name (CN).
  * Once confirmed, a self-signed certificate is generated and added to the keystore.

**After installing a self-signed certificate, the application must be restarted for the new certificate to be used.**

----

===== Keystore =====

The Keystore tab provides a read-only view of the application keystore.

This tab displays a table containing all entries stored in the keystore, including:

  * Certificate aliases
  * Certificate type (trusted certificate, key entry, etc.)
  * Validity period
  * Additional metadata depending on the certificate type
  * And other related information