Keystore Management

This document describes the management of keystores in M3 Business Engine.

Introduction

Keystore management provides functionality for importing keystore files into M3 Business Engine and using them for identification, document signing, and similar activities that are part of various functions in M3 Business Engine.

Limitations

Some limitations of M3 Business Engine keystore management are as follows:

  • M3 supports only two keystore types: Java KeyStore (JKS) and PKCS#12 (Public Key Cryptography Standards #12).
  • Keystore files can only be imported if stored in the M3 file transfer directory.

Store keystore in M3

Keystore management is mainly handled by 'Keystore. Open' (SES300). With this program, keystores can be imported into M3 Business Engine for use by different applications.

Follow these steps to store a keystore in M3 Business Engine:

  1. Save a copy of the keystore file in the M3 file transfer directory.

    Note: The file can be saved either in the root directory or in its subdirectory.
  2. Import the keystore file.

    Start 'Keystore. Open' (SES300). Set up the identification for the keystore and store it in M3 by defining the following settings:

    | Program ID/Panel | Field | Description |
    |---|---|---|
    | (SES300/B) | ID string | The field describes the function area where the keystore is intended for use. It serves as the identifier for the keystore record in M3 Business Engine and thus, it is a mandatory field. |
    | (SES300/B) | Division | Enter a value in this field if the keystore is intended for a specific division only. Otherwise, leave it blank. |
    | (SES300/B) | User | Enter a value in this field if the keystore is intended for specific users only. Otherwise, leave it blank. |
    | (SES300/E) | Description | The field is used to provide a concise description of the keystore and/or its possible use in M3 Business Engine. |
    | (SES300/E) | Folder name | The field indicates the name of the folder containing the documents used when transferring to or from M3. Note: The folder is always placed within the folder in MvxFileTransfer. If a subfolder is not used, leave this field blank. |
    | (SES300/E) | File name | The field indicates the file name of the keystore, including the file extension. Note: The file is always placed within the MvxFileTransfer folder or subfolder. |
    | (SES300/E) | Keystore type | The field is used to identify the keystore type. Alternatives: JKS = Java KeyStore; PKCS12 = Public Key Cryptography Standards #12. Note: The Java keystores normally have file extensions ".jks" or ".ks" while the PKCS keystores have file extensions ".p12" or ".pfx". |
    | (SES300/E) | Password | The field is used to define the password for the keystore. The password must be the same for both the key and the keystore itself. Note: It is not possible to display or change the password once it has been stored. |
  3. Delete the keystore file from the file transfer folder once it has been successfully imported into M3.
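
Because the password cannot be displayed or changed after import, it helps to confirm the 'Keystore type' and 'Password' values against the file before entering them in (SES300/E). The following pre-import check is an added example, not part of the M3 documentation: it identifies the format from the file's leading bytes and, for a JKS file, verifies the store password against the SHA-1 integrity digest at the end of the file. The function names and the sample keystore are constructed for illustration; key passwords and PKCS#12 passwords are not checked.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED          # leading bytes of a Java KeyStore ("JKS" in SES300)
JKS_SALT = b"Mighty Aphrodite"  # fixed string mixed into the JKS integrity digest
EXT_TYPES = {"jks": "JKS", "ks": "JKS", "p12": "PKCS12", "pfx": "PKCS12"}


def detect_keystore_type(data: bytes) -> str:
    """Return 'JKS', 'PKCS12' or 'UNSUPPORTED' based on the file's leading bytes."""
    if len(data) >= 4 and struct.unpack(">I", data[:4])[0] == JKS_MAGIC:
        return "JKS"
    # PKCS#12 is an ASN.1 SEQUENCE (0x30) whose first element is INTEGER 3;
    # a long-form length (high bit set) occupies (byte & 0x7F) extra bytes.
    if len(data) > 2 and data[0] == 0x30:
        body = 2 + ((data[1] & 0x7F) if data[1] & 0x80 else 0)
        if data[body:body + 3] == b"\x02\x01\x03":
            return "PKCS12"
    return "UNSUPPORTED"


def jks_digest(content: bytes, password: str) -> bytes:
    """SHA-1 over password (UTF-16BE) + salt + store content, as JKS appends it."""
    return hashlib.sha1(password.encode("utf-16-be") + JKS_SALT + content).digest()


def jks_password_matches(data: bytes, password: str) -> bool:
    """Verify a JKS store password against the 20-byte digest ending the file."""
    if detect_keystore_type(data) != "JKS" or len(data) < 32:
        return False
    return hmac.compare_digest(jks_digest(data[:-20], password), data[-20:])


def precheck(filename: str, data: bytes, password: str) -> dict:
    """Report the type to select in SES300/E; password_ok is None if not checked."""
    ktype = detect_keystore_type(data)
    ext = filename.lower().rpartition(".")[2]
    return {
        "keystore_type": ktype,
        "extension_consistent": EXT_TYPES.get(ext) == ktype,
        "password_ok": jks_password_matches(data, password) if ktype == "JKS" else None,
    }


if __name__ == "__main__":
    # Constructed sample: an empty version-2 JKS protected with "changeit".
    header = struct.pack(">III", JKS_MAGIC, 2, 0)
    sample = header + jks_digest(header, "changeit")
    print(precheck("signing.jks", sample, "changeit"))
```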

View keystore data

Once the keystore has been imported into M3, you can view its data through 'Keystore. View Data' (SES301). Access is controlled by the setup used in (SES300) when the keystore was imported, and it cannot be changed.

Follow these steps to view keystore data:

  1. Start 'Keystore. Open' (SES300).

  2. Select the keystore you want to view, then use related option 20 = 'View Keystore Data' to open (SES301). This displays keystore data such as the certificate’s issuer, the party that holds the certificate, and the certificate’s validity period.