7.3.1 Stores used by MSS in MSSData/trustedcerts

The keystores in this location include the Management and Security Server certificate + private key, the client certificate + private key, and the imported certificates on the Trusted Certificates list for the terminal emulator client.

The keystores in MSSData/trustedcerts are described in Table 7-1.

  • Keystore location: %ProgramData%/Micro Focus/MSS/MSSData/trustedcerts/

  • Password location: This keystore password is encrypted in the KeyChain (in MSSData/keychain.bcfks).

  • To change this password: Administrative Console > Configure Settings – General Security > Change keystore password

Table 7-1 Stores used by MSS

Keystore

Function

client.bcfks

  • for Reflection for the Web's shared private key

  • A client certificate is used to identify users connecting to the Security Proxy or an SSL/TLS host when either requires client authentication. If all users share the same client certificate, then the Administrative Server can automatically distribute it to Reflection for the Web clients when needed.

rweb.bcfks

  • for the Management and Security Server certificate

  • signs the Security Proxy token

saml.bcfks

  • for SAML authentication

sshclient.bcfks

  • for Reflection for the Web SSH

  • not used by MSS itself

trustedascj.bcfks

  • for outbound HTTPS: Micro Focus Advanced Authentication and Automated Sign-on for Mainframe

  • X.509 authentication client certificate validation and revocation checking

  • used for LDAPS

trustedps.bcfks

  • trust store for Host Access for the Cloud and Reflection for the Web using SSL to host

  • not used by MSS itself

  • When settings are exported from the Security Proxy Wizard, certificates are added to this store.

trustedws.bcfks

  • contains only the public key and certificate from the rweb.bcfks store

  • Certificates from this store are imported by the Security Proxy server into its trustedws.bcfks store.