Certificate Manager
The Certificate Manager is where administrators can add, edit, and manage certificates used when Pyramid connects to various data sources. You only need to manage the certificates in Pyramid where they are not issued by a publicly certified certificate issuer. As an example, you don't need to upload SQL certificates here as Microsoft publicly certify their own certificates, however, if you want to connect securely to Amazon content you will need to add certificate details.
When the certificate manager page is used:
- Your public keys are added to our trust store and used for authentication when required. As an example, if your users connect to an Amazon AWS data source, the certificate that Pyramid uses to authenticate with AWS is added here and will be located automatically in the trust store when it is needed.
- For In-Memory Databases (IMDB) only, you can add a Public + Private certificate pair. Adding the public key to the certificate manager adds it to the trust store. Installing the private key and associating it with your data source allows it to be used for your server-side connections. For more information, see IMDB Encryption.
All of your Pyramid certificates are added into the table at the top of the page. You can edit or delete existing certificates. You can add new Public / Private certificates and Public certificates as required (red arrow).
Upload Certificates
From the Admin Console's Security > Certificate Manager page:
-
Depending on your requirements, select one of the Add options:
- If you want to upload a pair of certificates for IMDB authentication, click Add Public / Private Certificates.
- Otherwise, click Add Public Certificates.
The Upload Certificate panel opens at the bottom of the page.
-
Optionally, resize your panel by dragging its top edge upwards or using the Maximize button to make the most of the available space.
-
Specify the name and description for your certificate or certificate pair.
Tip: If you are adding a certificate pair, you will need to select this pair from the Secure Connection options for your IMDB data source (Data > Data Sources > Security), so make sure this name is meaningful and easy to recognize. -
Specify your key or keys:
- In the Unencrypted Private Key (Base64) field, paste the unencrypted private key that you want to use for server-side connection authentication.
- In the Public Certificate (Base64) field, paste the unencrypted public key that you want to use for client-side connection authentication.
-
From the top of the Upload Certificate panel , click Save.
If your details are valid, the A restart is needed dialog box opens. This dialog describes the services that need to be restarted and lets you choose when you want to restart and apply the changes to your certificates:- Click Restart Services Manually or X (the close option to the top-right) to close the dialog and restart your services at a convenient time in the future.
- Otherwise, click Restart Services Now.
Your certificates are added to the main table in the Certificate Manager page and will be used once the restart is complete.
Securing IMDB communication
The primary use case for uploading public / private certificates is to secure Pyramid's In-Memory database communications. If you added a public / private certificate pair, you need to edit the details of your IMDB data source(s) to reference to the certificate.
- For information, see Data Sources: Security.
- For full details of this process, see IMDB Encryption.
Restart Services
If you did not restart your services automatically at the end of the upload process, you need to restart the following services to ensure your certificates are used:
For a public certificate, you need to restart:
- Runtime Engines.
- Task Engines.
- Web Services.
For a public + private certificate pair, you need to restart:
- Runtime Engines.
- Task Engines.
- If the private certificate is assigned to an In Memory Database, that In Memory Database (IMDB).
For details describing how to restart these services in Pyramid, see Restarting Services.
Certificate Manager Fields
Main Options
The options at the top-right of the page (red arrow) allow you to create your certificate and refresh the whole view.
Name |
Description |
---|---|
Add Public/Private Certificates |
IMDB Only: Click to supply details of the public (client side) and private (server side) keys that you want to authenticate with. |
Add Public Certificates |
Click to supply details of a public key that you want to add to your trust store. |
Refresh |
Refresh the page with the latest data. |
Actions
The certificates list allows you to interact with your certificates individually,
Name |
Description |
---|---|
Edit |
Open the certificate in the Certificate panel at the bottom of the page for editing. Note: You cannot change the certificate type after it is created, but you can change the name, description, and key content for your existing certificates. |
Delete |
Delete a certificate or certificate pair. Note: You will need to restart to apply this change. |