Creating an SSL client keystore in ION Grid for LifeCycle Manager

You can use LifeCycle Manager to generate a client keystore for SSL authentication. This keystore will contain a key pair for the client and a certificate signed by the grid root private key. If the keystore type is JKS or BKS, it will also contain the certificate for the grid root key pair.

Note: In an ION Grid installed through the Java installation program, the same result can be achieved with the console method: -create=clientcert.

  1. In LifeCycle Manager, locate the grid you wish to connect to.
  2. In the Applications view, right-click on the grid and select Grid Maintenance > Manage Security.

    The Manage Security dialog box is displayed.

  3. Select the Generate client keystore radio button and click Next.
  4. In the Create Client Keystore window, consider the following fields:
    Keystore name

    This is the name of the user to be authenticated via SSL. It is also the name of the keystore itself.

    Keystore password

    Select a strong password and make sure to remember it since it cannot be retrieved later.

    Role list separated by

    This should be a list of all roles the user should be assigned when using the keystore for authentication. If no specific role is required, simply enter the username.

    Keystore type

    The format in which the keystore will be exported. You can select one of the following values:

    • JKS - Java Keystore, the native keystore type for Java applications. File extension (.ks)

    • BKS - Bouncy Castle Keystore, provided by the Bouncy Castle crypto provider. Works with Java and especially with applications developed for Android devices. File extension (.bks)

    • PKCS12 - A standard format, published by RSA Laboratories and usable in a Windows environment. File extension (.p12)

    Directory to store the keystore in

    This is a directory on the machine that the LifeCycle Manager client is running on.

  5. Click Next and then Finish.

    The keystore with the generated credentials is written to the selected directory.
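
    A post-generation check for the keystore this procedure writes, as an added example that is not part of the Infor documentation: it confirms the entries described at the top of this page (a client key pair, plus the grid root certificate for JKS and BKS) and that the file is readable only by its owner. The function names and the sample listings used to exercise them are constructed; it assumes the JDK's keytool is on the PATH, and for BKS that the Bouncy Castle provider is configured for keytool.

```shell
#!/bin/sh
# Added example, not Infor code. Function names are hypothetical.

# Count entries of one type in `keytool -list` output read from stdin.
count_entries() {
    grep -c ", $1," || true
}

# Check a listing (stdin) against what the keystore should hold:
# a client key pair always, plus the grid root certificate for JKS and BKS.
check_listing() {
    storetype=$1
    listing=$(cat)
    keys=$(printf '%s\n' "$listing" | count_entries PrivateKeyEntry)
    roots=$(printf '%s\n' "$listing" | count_entries trustedCertEntry)
    [ "$keys" -ge 1 ] || { echo "no client key pair found" >&2; return 1; }
    case $storetype in
        JKS|BKS)
            [ "$roots" -ge 1 ] || { echo "grid root certificate missing" >&2; return 1; } ;;
    esac
    echo "ok: $keys key entry, $roots trusted certificate(s)"
}

# The keystore holds a private key, so group and others should have no access.
# Characters 5-10 of the `ls -l` mode string are the group and other bits.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Usage: verify_keystore FILE STORETYPE   (keytool prompts for the password)
verify_keystore() {
    owner_only "$1" || echo "warning: $1 is accessible to group or others" >&2
    keytool -list -keystore "$1" -storetype "$2" | check_listing "$2"
}
```

    Run verify_keystore with the path and type chosen in step 4; the keystore password is entered at keytool's prompt rather than on the command line.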