Skip to main content
Skip table of contents

Manage keystores in Nexus Timestamp Server

This article describes how to manage keystores in Nexus Timestamp Server.

A keystore contains a private key, a corresponding subject certificate and optionally one or more issuer (CA) certificates. Nexus Timestamp Server accepts two different keystore formats, PKCS#12 and JKS (Java KeyStore), as well as PKCS#11 libraries for HSM support.

  • JKS keystores
    Manage JKS keystores with keytool which is a tool included in the Java JRE/JDK as <javadir>/bin/keytool.

  • PKCS#12 keystores
    Manage PKCS#12 keystores with a tool such as openssl or Smart ID Certificate Manager.

  • PKCS#11 keystores
    Manage PKCS#11 keystores with the bundled tool hwsetup, see Initialize Hardware Security Module in Timestamp Server, or tools from the HSM vendor. See documentation and explanations from the vendor for a complete reference.

    Keys to use in a PKCS#11 keystore MUST have a mapped certificate with the same CKA_LABEL and CKA_PRIVATE set to false.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.