You can import Private Keys and SSL certificates used for two-factor authentication into your instance.
TLS certificates are used for communication with web services, file transfer over WebDAVClient, or when using dw.net.HTTPClient or any of the dw.crypto classes that use a KeyRef parameter. Salesforce B2C Commerce uses an internal password to encrypt the instance keystore.
If you have an integration to an external server using SSL/TLS, the SSL certificate
that is installed at the external server must be issued by a Certification Authority (CA) that
the Commerce Cloud B2C Commerce server recognizes. By default, B2C Commerce only recognizes
the root CAs that ship with Oracle's Java platform. However, you can add additional CA
certificates to the customer keystore. Certificates added to the customer keystore are checked
when establishing outbound SSL connections.
- Select Administration > Operations > Private Keys.
- On the Private Keys and Certificates page, you can search for a certificate or navigate the grid to select one. Select 10, 25, 50, or 100 items to appear on a page.
- If you are importing a new version of an existing certificate and want to use the same alias, you must first delete the existing certificate. Aliases for all entries in the keystore must be unique.
- To add a new certificate or private key:
  - Click Import or Upload a new private key or certificate.
  - In the Import Private Key or Certificate window, enter a certificate or private key file name, or click Select... to open the File Upload window and select the file to import. Only the following file types are allowed:
    - Trusted certificates: .crt .pem .cer .der
    - Private Keys: .p12 .pfx

    The certificate appears in the certificate list.
- To add host names to a private key:
  - Click the dropdown to the right of a private key and select Manage Hosts.
  - On the Manage Hostnames window, enter the host name, for example, www.sitegenesis.com, and click Add.
  - Click Save.
- If you are importing:
  - A trusted certificate (*.crt): enter the following:
    - Alias: Enter an alias used to refer to this certificate when using any of the B2C Commerce script dw.crypto package methods that specify an alias. The alias shouldn't contain spaces or special characters in B2C Commerce script. B2C Commerce tells you if the alias isn't unique for your instance.
  - A private key (*.p12): enter the following:
    - Source Password: Enter a password for the encryption of the key file entered in the instance keystore.
    - Alias: Enter an alias used to refer to this certificate when using any of the B2C Commerce script dw.crypto package methods that specify an alias. The alias shouldn't contain spaces or special characters in B2C Commerce script. B2C Commerce tells you if the alias isn't unique for your instance. You might want to include the web service name or service provider name.
    - Host Names: If you are using the key or certificate for transport layer security, enter the DNS name of the server as reached by the client. For example: www.paypal.com. B2C Commerce uses the host name to determine what certificate to use. You can add two or more host names, separated by a comma. If you are importing a certificate specified by one of the dw.crypto package methods that takes a KeyRef argument, you don't need to enter a hostname.
If you have more than one private key in your keystore, the host name must be set to the target host you call via dw.net.HTTPClient or dw.ws.WSUtil. Otherwise, B2C Commerce can't guarantee that the correct client certificate is used for the call.
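
A pre-import check for the rules above (allowed file types, alias format and uniqueness, host names when several private keys exist), as an added example that is not part of the original documentation or of B2C Commerce itself. The keystore dictionary shape, the function names, the reading of "special characters" and the private-key-material check are assumptions made for illustration, and the sample data is constructed.

```python
import re

# Extensions the page allows for each entry type.
ALLOWED_EXT = {"trusted": {".crt", ".pem", ".cer", ".der"},
               "private": {".p12", ".pfx"}}
# Assumption: "no spaces or special characters" means letters, digits, '.', '_', '-'.
ALIAS_RE = re.compile(r"[A-Za-z0-9._-]+")


def parse_hosts(field):
    """Split the comma-separated Host Names field into lowercase names."""
    return [h.strip().lower() for h in field.split(",") if h.strip()]


def lint_import(kind, filename, content, alias, hosts_field, keystore):
    """Return the problems found for one planned import.

    keystore (hypothetical shape): {alias: {"kind": "private", "hosts": [...]}}
    """
    problems = []
    ext = "." + filename.rsplit(".", 1)[1].lower() if "." in filename else "(none)"
    if ext not in ALLOWED_EXT[kind]:
        problems.append(f"extension {ext} not allowed for a {kind} entry")
    if not ALIAS_RE.fullmatch(alias):
        problems.append("alias contains spaces or special characters")
    if alias in keystore:
        problems.append("alias exists; delete the old entry before importing")
    # Added check, not a rule from the page: a file uploaded as a trusted
    # certificate should not carry private key material.
    if kind == "trusted" and b"PRIVATE KEY-----" in content:
        problems.append("trusted certificate file contains a private key")
    if kind == "private":
        others = [a for a, e in keystore.items() if e["kind"] == "private"]
        if others and not parse_hosts(hosts_field):
            problems.append("other private keys exist; set Host Names unless "
                            "this key is only used through a KeyRef")
        problems += [f"private key '{a}' has no host name" for a in others
                     if not keystore[a]["hosts"]]
    return problems


# Constructed sample keystore and import request.
KEYSTORE = {"paypal-client": {"kind": "private", "hosts": ["www.paypal.com"]},
            "legacy-key": {"kind": "private", "hosts": []}}

if __name__ == "__main__":
    for p in lint_import("private", "partner.pem", b"", "partner key", "", KEYSTORE):
        print("-", p)
```

An empty list means the planned import passes these checks; the Business Manager UI remains the authority on what the instance accepts.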