SSL Keystores

Space supports uploading SSL keystores. An SSL client key contained in a keystore is used to identify Space as a client when connecting to an external server. Adding a server certificate as trusted means that you trust the server that holds a respective certificate.

The uploaded SSL keystores can be used to configure secure connection with supported third-party authentication providers.

Upload an SSL keystore:

On the main menu, click Administration and choose SSL keystores.
Click Add keystore.
Enter a name for the new keystore.
Select a file that contains the keystore. Browse for the file or drag-and-drop it into the field.
- The keystore must be in PKCS12 (.p12) format.
- The keystore must be password protected.
- The keystore must contain a single entry.
Click Add to upload the selected file to Space.

Added keystores are enabled by default.

Disable and enable keystores:

On the main menu, click Administration and choose SSL keystores.
Locate the keystore in the list and click a corresponding button: Active or Inactive.

Delete a keystore:

On the main menu, click Administration and choose SSL keystores.
Locate the keystore in the list and click next to it.

Generate a keystore File

There are several tools that let you create SSL keys and certificates in PKCS12 format. Here is how to create SSL key with the OpenSSL toolkit:

Generate a new 2048 bit RSA key with password protection:
openssl genrsa -des3 -out Space.key 2048
Generate a certificate request for the generated key:
openssl req -new -key Space.key -out Space.csr
Generate a certificate:
openssl x509 -req -days 365 -in Space.csr -signkey Space.key -out Space.crt
Package the key and the certificate in a PKCS12 file:
openssl pkcs12 -export -out Space.p12 -inkey Space.key -in Space.crt -certfile Space.crt
- You now have a PKCS12 keystore (Space.p12 in the example) that is ready for upload to Space.

Last modified: 23 August 2023