Overview
The X.509 Store Service manages the persistence of X.509 certificates inside the Enterprise resource tree. It supports both generic certificate entries and VICAL entries for IACA certificates.
The service can be used directly through the Enterprise API, attached to the X.509 Certificate Service so issued certificates are persisted automatically, or attached to the VICAL Service as a source of publishable IACA entries.
The X.509 Store Service is controlled by the x509 feature flag. The flag is enabled by default, and the checked-in enterprise _features.conf does not disable it, so the service is available unless you explicitly add x509 to disabledFeatures.
Service Dependencies
The X.509 Store Service does not require dependency services to operate. It can, however, be attached as a dependency of the X.509 Certificate Service so generated IACA and Document Signer certificates are stored automatically.
It can also be attached to the VICAL Service. Each VICAL publication reads all attached stores and includes every stored vical-entry certificate it finds.
Core Features
- Store generic X.509 certificates as base entries.
- Store IACA certificates as vical-entry entries with VICAL complementary metadata.
- List full stored entries or just stored certificate IDs.
- Read, update, and delete stored certificates by full target path.
- Act as a persistence target for X.509 issuance and as trust-material input for VICAL publication.
Get Started
- Setup - Create an X.509 Store service and optionally attach it to an X.509 Certificate Service.
- Manage Certificates - Add, list, read, update, and delete stored certificates.
