Uploading multiple key files simultaneously

Uploading multiple keys simultaneously is useful in the following situations:

  • Your web applications are secured by a large number of keys
  • Keys expire and you must reload them frequently
  • A single key is associated with more than one IP address

The bulk upload is a multistep process. First, you compose a bulk key management file, and then you upload it to the

The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

component.

The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

Before you begin

You must know the names of all the SSL key files that you want to upload, their passwords, and the IP addresses that you want to associate each key with.

To compose a bulk key management file

  1. Create a directory on your local computer, for example, MyKeys.
  2. Create a subdirectory, for example, keys.
  3. Copy all your keys into the keys subdirectory.
     Key files must be in the DER, PEM, or PFX format.
  4. Create another subdirectory and name it keyconfig_.

  5. Create the following XML file (you might name it _keyconf.xml for instance). Use the Key filestable for reference.

    <ssl>
          <sslKeys>
            <sslKey name="myKey01.pfx" active="true">
              <password><![CDATA[mypass01]]></password>
              <description><![CDATA[My first key.]]></description>
            </sslKey>
            <sslKey name="myKey02.pfx" active="true">
              <password><![CDATA[mypass02]]></password>
              <description><![CDATA[The second key.]]></description>
              </sslKey>
            <sslKey name="myKey03.pfx" active="true">
              <password><![CDATA[mypass03]]></password>
              <description><![CDATA[The third key.]]></description>
              </sslKey>
          </sslKeys>
    </ssl>
  6. Save this file in the keyconfig subdirectory.
  7. Create another subdirectory and name it ipmappingconfig.

  8. Create the following XML file and save it in the ipmappingconfig subdirectory.

    <ssl>
     <sslIPMappings>
       <sslIPMapping key="myKey01.pfx">
         <ipRange><![CDATA[192.0.2.12]]></ipRange>
         <portRange><![CDATA[443]]></portRange>
       </sslIPMapping>
       <sslIPMapping key="myKey02.pfx">
         <ipRange><![CDATA[192.0.2.13]]></ipRange>
         <portRange><![CDATA[443]]></portRange>
       </sslIPMapping>
       <sslIPMapping key="myKey03.pfx">
         <ipRange><![CDATA[192.0.2.14]]></ipRange>
         <portRange><![CDATA[443]]></portRange>
       </sslIPMapping>
     </sslIPMappings>
    </ssl>
  9. Compress the MyKeys directory to a ZIP file named MyKeys.zip.

    Now you can upload the key management file to the

    The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

    component.

The key files in this example are:

SSL key file

IP address

Uses port

Key password

mykey01.pfx

192.0.2.12

443

mypass01

mykey02.pfx

192.0.2.13

443

mypass02

mykey03.pfx

192.0.2.14

443

mypass03

To upload a bulk key management file

  1. In the

    The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

    component, point to Administration > Security settings, and then click Key management.
  2. On the Action menu, click Bulk Key upload.
  3. Click Browse, locate the ZIP file that contains the keys (for example, MyKeys.zip), and then click Open.
  4. Click Upload.

    The system uploads the files with cryptographic keys. For more information about creating XML files, see XML-elements-and-attributes-for-key-management.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*