Set up a keystore and encryption keys

Set up the keystore and encryption keys used by the Edge Encryption proxy server.

  1. Determine which type of keystore best fits your organization's needs.
    Supported keystores and their descriptions:

    Java KeyStore

    A Java KeyStore:

    • Stores keys in a Java JCEKS KeyStore.
    • Is password protected and more secure than storing keys in a file in the file system.
    • Can store multiple keys. A key alias represents each key, making it easier to manage multiple keys.

    The Edge Encryption proxy ships with the Java JCEKS KeyStore file named keystore.jceks in the keystore directory. This keystore file contains the ServiceNow public key used to validate encryption rules signed by ServiceNow.

    NAE (Network Attached Encryption) key store

    Keys are stored and retrieved with SafeNet KeySecure key management.

    You must secure a license with Gemalto, download the libraries, and install the SafeNet KeySecure keystore on a host machine in your network before configuring the keystore on the Edge Encryption proxy server.

    File system

    Keys are stored in a file in a file system accessed by the Edge Encryption proxy server. Because encryption keys stored in a file are not encrypted, it is your responsibility to protect these files.

    Note: If using a keystore other than the base system Java JCEKS KeyStore, you must import the ServiceNow public key into your keystore. The public key alias is servicenow.
  2. Set up the keystore and encryption keys in your local network.
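
Because keys in a file system keystore are stored unencrypted, file permissions are the only control protecting them. The following is an added example, not ServiceNow's own tooling: a shell audit that lists key files or directories readable by anyone other than the owning account. It assumes a Linux proxy host; the directory argument and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a file-system keystore directory for loose permissions.
# The directory passed in is hypothetical; use the one that holds your key files.

# Print every file or directory under $1 that grants any group/other
# permission bit, or that is not owned by the expected user
# ($2, default: the current user).
audit_keystore_dir() {
    dir="$1"
    owner="${2:-$(id -un)}"
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Each -perm -NNN term matches when that single group/other bit is set.
    find "$dir" \( -type f -o -type d \) \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 -o \
        ! -user "$owner" \) -print
}

# Return 0 when nothing is exposed, 1 when findings exist, 2 on bad input.
keystore_dir_is_tight() {
    findings="$(audit_keystore_dir "$@")" || return 2
    if [ -n "$findings" ]; then
        printf 'exposed key material:\n%s\n' "$findings" >&2
        return 1
    fi
    return 0
}

# Run the audit only when a directory is given on the command line.
if [ -n "${1:-}" ]; then
    keystore_dir_is_tight "$@"
fi
```

Run it as the account that owns the proxy's key files. A non-zero exit status means at least one entry needs `chmod`/`chown` attention before the proxy is put into service.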