Skip to main content

Verifying hotfix authenticity by using a Pega Keystore

Suggest edit
Updated on June 30, 2022

Configure a Pega Keystore to serve as an alternative if your application server does not use your operating system's truststore and if the truststore that you pass into your JDK does not include the correct certificate.

This functionality is available in the following Pega Platform versions:

  • 8.5.6 and later
  • 8.6.4 and later
  • 8.7.2 and later
If your system runs a different Pega Platform version, ensure that the DigiCert Assured ID Root CA root certificate is included in your JVM truststore. For more information, see Automatically verifying hotfix files during installation.
  1. Create a Pega Keystore with the DigiCert Assured ID Root CA root certificate:
    1. Go to DigiCert Trusted Root Authority Certificates page, and then download the DigiCertAssuredIDRootCA.crt file by selecting the Download DER/CRT link for the DigiCert Assured ID Root CA certificate.
    2. Using the Keytool utility, create a Java KeyStore (JKS) with the DigiCert root certificate:
      keytool -import -trustcacerts -keystore pegahotfixkeystore.jks -file DigiCertAssuredIDRootCA.crt -alias pegahotfix
    3. At the password prompt, enter your preferred password.
  2. Create a Pega Keystore data instance to store the keystore file.
    1. In Dev Studio, create a new instance of the class Data-Admin-Security-Keystore by filling in the Keystore short description and Keystore fields.For example: To create a hotfix keystore, in the Keystore field, enter pegahotfixkeystore, and then, in the Keystore short description field, enter Pega Hotfix Keystore.
    2. Click Create and open.
    3. In the Main tab of the new rule form, set the Keystore location parameter to Upload file.
    4. Click the Upload file button, and then select the generated pegahotfixkeystore.jks file on your local system.
    5. In the Keystore type field, enter JKS.
    6. In the Keystore password field, enter the password that you set in Step 1c.
    7. Click Save.
  3. Create a new dynamic system setting to refer to the Pega Keystore data instance.
    1. In Dev Studio, create a new instance of the class Data-Admin-System-Setting with the following information:
      • Dynamic System Settings short description: Any meaningful description, for example, Pega Hotfix Keystore Location
      • Owning Ruleset:Pega-UpdateManager
      • Setting Purpose:hotfixmanager/hotfixKeyStore
    2. Click Create and open.
    3. Set the value of this setting to the name of the Pega Keystore data instance that you created in Step 2a, for example, pegahotfixkeystore.
    4. Click Save.
Result: The Hotfix Manager uses this Pega Keystore to verify the authenticity of hotfixes, instead of the system's truststore or a truststore you pass into the JVM.
Did you find this content helpful? YesNo

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us