#Overview

The X.509 Store Service stores and manages PEM-encoded X.509 certificates inside the Enterprise resource tree. It supports both generic certificate entries and VICAL entries for IACA certificates plus complementary metadata.

The service can be used directly through the Enterprise API or attached to the X.509 Certificate Service so issued certificates are persisted automatically.

The X.509 Store Service is controlled by the x509 feature flag. The flag is enabled by default, and the checked-in enterprise _features.conf does not disable it, so the service is available unless you explicitly add x509 to disabledFeatures.

#Service Dependencies

The X.509 Store Service does not require dependency services to operate. It can, however, be attached as a dependency of the X.509 Certificate Service so generated IACA and Document Signer certificates are stored automatically.

#Core Features

Store generic X.509 certificates as base entries.
Store IACA certificates as vical-entry entries with VICAL complementary metadata.
List full stored entries or just stored certificate IDs.
Read, update, and delete stored certificates by full target path.

#Get Started

Setup - Create an X.509 Store service and optionally attach it to an X.509 Certificate Service.
Manage Certificates - Add, list, read, update, and delete stored certificates.

Last updated on March 10, 2026

Usage with Wallet Service Setup