Certificate Manager

The Certificate Manager is where administrators can add, edit, and manage certificates used when Pyramid connects to various data sources. You only need to manage the certificates in Pyramid where they are not issued by a publicly certified certificate issuer. As an example, you don't need to upload SQL certificates here as Microsoft publicly certify their own certificates, however, if you want to connect securely to Amazon content you will need to add certificate details.

When the certificate manager page is used:

  • Your public keys are added to our truststore and used for authentication when required. As an example, if your users connect to an Amazon AWS data source, the certificate that Pyramid uses to authenticate with AWS is added here and will be located automatically in the truststore when it is needed.
  • For In-Memory Databases (IMDB) only, you can add a Public + Private certificate pair. Adding the public key to the certificate manager adds it to the truststore. Installing the private key and associating it with your data source allows it to be used for your server-side connections. For more information, see IMDB Encryption.

Certificate Manager page

All of your Pyramid certificates are added into the table at the top of the page. You can edit or delete existing certificates. You can add new Public / Private certificates and Public certificates as required (purple highlight).

Uploading Certificates

From the Admin Console's Security > Certificate Manager page:

  1. Depending on your requirements, select one of the options to add a certificate:

    • If you want to upload a pair of certificates for IMDB authentication, click Public+Private certs.
    • If you want to upload a public key certificate that will be used when installing Python packages from a Custom repository using Pip, click Python public cert.
    • Otherwise, click Java public cert.

    The appropriate Add certificate panel opens at the bottom of the page.

  2. Optionally, resize your panel by dragging its top-edge upwards or clicking Maximize to make the most of the available space (green arrows).

  3. Specify the name and description for your certificate or certificate pair.

    4. Tip: If you are adding a certificate pair, you will need to select this pair from the Secure Connection options for your IMDB data source (Data > Data Sources > Security), so make sure this name is meaningful and easy to recognize.

  4. Specify your key or keys:

    • In the Unencrypted Private Key (Base64) field, paste the unencrypted private key that you want to use for server-side connection authentication.
    • In the Public Certificate (Base64) field, paste the unencrypted public key that you want to use for client-side connection authentication.
    Your key or keys must be valid, in the base64 format, and correctly delimited.

  5. From the top of the Add certificate panel , click Add.
    If your details are valid, the A restart is needed dialog opens. This dialog describes the services that need to be restarted and lets you choose when you want to restart and apply the changes to your certificates:

    • Click Restart Services Manually or the close button (X) to close the dialog and restart your services at a convenient time in the future.
    • Otherwise, click Restart Services Now.

Your certificates are added to the main table in the Certificate Manager page and will be used once the restart is complete.

Securing IMDB communication

The primary use case for uploading public / private certificates is to secure Pyramid's In-Memory database communications. If you added a public / private certificate pair, you need to edit the details of your IMDB data sources to reference the certificate.

  • Click here for the full IMDB Encryption process
  • Click here for details of the IMDB Data Source fields used to reference the private key

Restart Services

If you did not restart your services automatically at the end of the upload process, you need to restart the following services to ensure your certificates are used:

For a Python public certificate, you need to restart:

  • AI Servers.

For a Java public certificate, you need to restart:

  • Runtime Engines.
  • Task Engines.
  • Web Services.

For a public + private certificate pair, you need to restart:

  • Runtime Engines.
  • Task Engines.
  • If the private certificate is assigned to an In Memory Database, that In Memory Database (IMDB) also needs restarting.

For details describing how to restart these services in Pyramid, see Restarting Services.

Certificate Manager Fields

Main Options

The options at the top-right of the page (purple arrow) allow you to create your certificate and refresh the whole view.

Name

Description

Public+Private certs

IMDB Only: Click to supply details of the public (client side) and private (server side) keys that you want to authenticate with.

Python public cert

Click to supply details of a Python public key that you want to add to your truststore.

This public certificate will be used when installing Python packages from a Custom repository using Pip.

Java public cert

Click to supply details of a Java public key that you want to add to your truststore.

This public certificate will be used in all other scenarios.

Refresh

Refresh the page with the latest data.

Actions

The certificates list allows you to interact with your certificates individually.

Name

Description

Edit

Open the certificate in the Certificate panel at the bottom of the page for editing.

Note: You cannot change the certificate type after it is created, but you can change the name, description, and key content for your existing certificates.

Delete

Delete a certificate or certificate pair.

Note: You will need to restart to apply this change.

Audit Trail

Where the Audit trail is enabled, click this option to view a history describing when the selected certificate was created, changed, or deleted, by date and by user.