Private Key Locations

Where private keys are located will affect the actions that you can perform on the keys. Private keys are stored in the following locations:
| Location | Writable | Notes |
|---|---|---|
| Software DB | Yes | This is a software keystore that is stored in the database, as a PKCS#12 keystore. |
| SafeNet Luna HSM | Yes | This is an optional hardware security module that can be purchased and configured to work with the Layer7 API Gateway (all form factors). When enabled, the SafeNet HSM overrides any other keystore on the Layer7 API Gateway. |
By default, an SSL private key is created, with Alias "ssl" and Subject "CN=<gateway_hostname>". This initial default SSL key and any subsequently created keys are all created in Software DB. Keys in the Software DB are writable, meaning they can be destroyed and their certificate chains can be destroyed. If all keys are destroyed using the Manage Private Keys task, the original default SSL key is recreated once the Layer7 API Gateway is restarted (with Alias="ssl"; Subject="<gateway_hostname>").
For information on configuring a CA key for the cluster, see Manage Private Keys. You will use this task to create a new CA-capable key and then set it as the default.
If you create or import any custom private keys, they will be stored in the "Software DB" location. These keys can be destroyed or modified.