Keystores Quick Start Guide
search cancel

Keystores Quick Start Guide

book

Article ID: 430418

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention API Detection Data Loss Prevention API Detection for Developer Apps Virtual Appliance Data Loss Prevention Cloud Detection Service Data Loss Prevention Cloud Detection Service for API Detection Data Loss Prevention Cloud Detection Service for Endpoint Data Loss Prevention Cloud Detection Service for ICAP Data Loss Prevention Cloud Detection Service for REST Data Loss Prevention Cloud Package Data Loss Prevention Cloud Prevent for Microsoft Office 365 Data Loss Prevention Cloud Service for Discovery/Connector Data Loss Prevention Cloud Service for Email Data Loss Prevention Cloud Storage Data Loss Prevention Core API Detection Data Loss Prevention Core Package Data Loss Prevention Data Access Governance Data Loss Prevention Discover Suite Data Loss Prevention Endpoint Discover Data Loss Prevention Endpoint Prevent Data Loss Prevention Enforce Data Loss Prevention Enterprise Suite Data Loss Prevention for Mobile Data Loss Prevention Form Recognition Data Loss Prevention Network Discover Data Loss Prevention Network Monitor Data Loss Prevention Network Monitor and Prevent for Email Data Loss Prevention Network Monitor and Prevent for Email and Web Data Loss Prevention Network Monitor and Prevent for Web Data Loss Prevention Network Prevent for Email Data Loss Prevention Network Prevent for Email Virtual Appliance Data Loss Prevention Network Prevent for Web Virtual Appliance Data Loss Prevention Network Protect Data Loss Prevention Oracle Standard Edition 2 Data Loss Prevention Plus Suite Data Loss Prevention Sensitive Image Recognition

Issue/Introduction

This KB article will cover some basic information about common Keystores used by DLP.

Environment

n/a

Cause

n/a

Resolution

What are Keystores?
- There are different types of keystores, but since DLP uses JAVA for communication we are typically using a "PKCS12" keystore.
- Think of a keystore like a digital folder. It is simply a folder that specifically stores Certificates
- A Keystore will store both Public and Private keys for a Certificate.

Common Keystores?

ENFORCE SERVER

KeystoreRelated Config FilesPurposePath

.keystore

Server.xml, Protect.propertiesConsole TomcatC:\Program Files\Symantec\Data Loss Prevention\Enforce Server\<ver>\Protect\tomcat\conf\.keystore
truststore.jksProtect.propertiesTrusted CA CertificatesC:\Program Files\Symantec\Data Loss Prevention\Enforce Server\<ver>\Protect\tomcat\conf\truststore.jks
samlkeystore.jksn/aSAML AuthenticationC:\Program Files\Symantec\DataLossPrevention\EnforceServer\<ver>\Protect\tomcat\webapps\ProtectManager\security\samlKeystore.jks
cacertsn/aUsed for 3rd part certificates (Syslog, SLDAP, Oracle, etc...)C:\Program Files\AdoptOpenJRE\<ver>\lib\security\cacerts
enforce_keystore.jksn/aCDS CertificatesC:\ProgramData\Symantec\DataLossPrevention\EnforceServer\<ver>\keystore\enforce_keystore.jks
DLP_Detection_Keystore.jksn/aStores Detection Server PasswordsC:\ProgramData\Symantec\DataLossPrevention\EnforceServer\<ver>\keystore\DLP_Detection_Keystore.jks
DLP_ROOT_Certificate_Authority.jksn/aRoot Certificate for Endpoint AgentsC:\ProgramData\Symantec\DataLossPrevention\EnforceServer\<ver>\keystore\DLP_ROOT_Certificate_Authority.jks
enforce.<date>.sslkeystoren/aEnforce to Detection Server KeystoreC:\ProgramData\Symantec\DataLossPrevention\EnforceServer\<ver>\keystore\enforce.<date>.sslkeystore

 

DETECTION SERVER

KeystoreRelated Config FilesPurposePath
prevent.ksn/aMTA CertificatesC:\ProgramData\Symantec\DataLossPrevention\DetectionServer\<ver>\keystore\prevent.ks
secureicap.jksProtect.propertiesSecure ICAPC:\ProgramData\Symantec\DataLossPrevention\DetectionServer\<ver>\keystore\prevent.ks
ocr_grpc_client_keystore.jksOCRDetection.properties > grpc.keystore.passwordOCR ServersC:\Program Files\Symantec\DataLossPrevention\DetectionServer\<ver>\Protect\keystore\ocr_grpc_client_keystore.jks
Monitor.<date>.sslkeystoren/aDetection Server to Enforce KeystoreC:\ProgramData\Symantec\DataLossPrevention\DetectionServer\<ver>\keystore\monitor.<date>.sslkeystore

 

Creating Keystores?
- When creating a Certificate it will automatically create a keystore if one does not already exist.

Certificates that should be treated as Keystores?
- .p12 (PKCS#12)
- .pfx (PKCS#12)
- .jks (Java Keystore)
- .pem (ASCII)

Additional Information

Return to the Certificate's Quick Start Guide

Powered by Wolken Software