X.509 Certificates
DataZen allows you to store X.509 certificates for encryption and signature.
Certificates and Connection Strings are stored inside DataZen and are encrypted using AES.
| Usage | Storage | Comments |
|---|---|---|
| HTTP/S Connections | connection string | These certificates are stored encrypted directly as part of the connection string table |
| Change Logs | certificate store | These certificates are stored in an encrypted certificate table in DataZen or on the localhost depending on the agent |
Cloud agents do not offer a localhost store for Change Log certificates; all certificates are stored encrypted in the DataZen database.
Connection strings and certificates are encrypted in the DataZen database using AES and a default key encryption key (KEK). You can change the KEK from DataZen Manager at any time; once changed, you cannot revert to the default KEK.
X.509 Certs for HTTP/S Connections
Some HTTP/S endpoints require the use of an X.509 certificate for enhanced security; for example, connecting to ADP requires using a certificate. When using a certificate for this purpose, the certificate itself is loaded and saved in its entirety as part of the connection string in DataZen.
When you copy and paste connection strings, the full connection string is copied in memory, including any certificate.
For more information about HTTP/S settings see X.509 Certificates in the HTTP/S section.
X.509 Certs for Change Logs
To manage X.509 certificates for Change Logs, go to Configuration -> Security -> Manage Certificates... in DataZen Manager. You can manage encryption, decryption, and signing certificates from here.
Import a PFX Certificate
To import an existing PFX certificate from disk, choose New -> Import PFX From File and select your certificate. If the certificate is protected with a password, you will be prompted to enter it.
Import Certificate from Store
To import an existing certificate from the Windows Local Machine or User MY store, choose New -> Import from Certificate Store and pick your certificate.
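A pre-import check for the two stores named above, as an added example (not DataZen's own code): it lists each certificate in the Local Machine and User MY stores and flags any that has no private key, is outside its validity period, or has a short RSA key. The function name `Get-CertImportReadiness` and the 2048-bit threshold are assumptions, not DataZen requirements.

```powershell
# Added example: review certificates before picking one in DataZen Manager.
# $MinRsaBits is an assumed policy threshold, not a DataZen requirement.
$MinRsaBits = 2048
$Stores = 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My'

function Get-CertImportReadiness {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [int]$MinBits = 2048
    )
    $issues = @()
    $now = Get-Date

    # Decryption and signing both need the private key, not just the public cert.
    if (-not $Cert.HasPrivateKey) { $issues += 'no private key' }

    if ($Cert.NotBefore -gt $now) { $issues += 'not yet valid' }
    if ($Cert.NotAfter -lt $now) { $issues += 'expired' }

    # RSA key length; non-RSA keys (for example ECDSA) return $null and are skipped.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Cert)
    if ($rsa -and $rsa.KeySize -lt $MinBits) { $issues += "RSA key is $($rsa.KeySize) bits" }

    # The Key Usage extension, when present, states what the key may be used for.
    $ku = $Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    $usage = if ($ku) { $ku.KeyUsages.ToString() } else { 'no Key Usage extension' }

    [pscustomobject]@{
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        NotAfter   = $Cert.NotAfter
        KeyUsage   = $usage
        Issues     = if ($issues) { $issues -join '; ' } else { 'none' }
    }
}

foreach ($store in $Stores) {
    "== $store =="
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        ForEach-Object { Get-CertImportReadiness -Cert $_ -MinBits $MinRsaBits } |
        Format-Table -AutoSize -Wrap
}
```

Reading `Cert:\LocalMachine\My` does not require elevation, but the private keys behind those certificates may only be usable by an administrator or the service account they were granted to.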
Self-Signed Certs
DataZen allows you to create self-signed certificates directly for encryption or signature. To create a new self-signed certificate, choose New -> Generate Self-Signed Certificate, then choose the desired options for key length.