Complex software systems that include multiple software application components (such as Java® 2 Enterprise Edition (“J2EE”) systems) generally require that the software application components be able to establish secure communications with one another, such as secure sockets layer (“SSL”) communication, encryption, or message protection. In the context of secure communication, software systems generally rely on public key infrastructure (“PKI”)-based communications, which generally require the presentation of a cryptographic key or certificate, authorization of the key or certificate, and a secure exchange of information between the two or more software application components.
“Keystores” can be used to store cryptographic keys and certificates for such secure communications. A “keystore” is defined as a storage entity that is configured to store cryptographic keys and certificates, and that is itself stored within a repository. A common repository example for a keystore is a physical computer file (also identified as a file) on a file system. Other repository examples for a keystore are a lightweight directory access protocol (“LDAP”) server, a database, or a hardware device (e.g., a hardware storage module).
However, even though a PKI allows for generation of a key or certificate, the PKI does not address how to manage the storage of the key or certificate (i.e., how to manage the keystore). In the past, management of such a keystore, especially a keystore that is stored in a file, has generally been accomplished by using a command line tool (e.g., the Java Development Kit (“JDK”) “keytool”), which is executed on the physical machine or device where the keystore is present. Such an execution generally requires physical access to the machine or device. Thus, in general, managing the keystore has previously required access to the machine or device where the keystore is present.