This article describes how to manage keystores in Nexus Timestamp Server.
A keystore contains a private key, a corresponding subject certificate and optionally one or more issuer (CA) certificates. Nexus Timestamp Server accepts two different keystore formats, PKCS#12 and JKS (Java KeyStore), as well as PKCS#11 libraries for HSM support.
- JKS keystores
Manage JKS keystores with keytool which is a tool included in the Java JRE/JDK as <javadir>/bin/keytool.
- PKCS#12 keystores
Manage PKCS#12 keystores with a tool such as openssl or Smart ID Certificate Manager.
PKCS#11 keystores
Manage PKCS#11 keystores with the bundled tool hwsetup, see Initialize Hardware Security Module in Timestamp Server, or tools from the HSM vendor. See documentation and explanations from the vendor for a complete reference.