About Keystores

Secure Sockets Layer (SSL) certificates and Trusted Root Certification Authorities are placed in keystores on each server where Siebel CRM components are installed.

Siebel CRM uses the following keystores:

• Keystore. This contains the private key and your SSL certificate, in addition to the certificates for the certificate authority (CA) which issues your SSL certificate. The certificate in this keystore is used for securing:

  • Inter-server communication.

  • Communication between your browser and other applications for inbound requests to Siebel CRM.

• Truststore. This contains at least a root certificate for the CA which issues your SSL certificate and it may contain additional Trusted Root Certificates. The certificate in this keystore is used for the following purposes:

  • Inter-server communication between Siebel CRM components. This is accommodated by the certificate from the CA which issues your SSL certificate.

  • Outbound integration. When Siebel CRM makes outbound calls to other services, it uses the root certificates in this file to verify the identity of other services. For example, consider a call originating in Siebel CRM to a Google API. Google's SSL certificate is issued by an intermediate authority (Google Internet Authority G2) whose certificate was issued by the Trusted Root Certification Authority, GeoTrust. In order to trust the Google certificate, Siebel CRM must first trust GeoTrust, and therefore requires that the GeoTrust root CA certificate be imported into the Truststore.