Keystore https:

Theo Kouwenhoven
Theo Kouwenhoven used Ask the Experts™
on
Hi Experts,

We have on our IBM iSeries Server (as/400), some https: connections, that make use of the default kesystore:
/QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KDB

Now we have several environments Development, test1, test2, acceptation, production1 etc.
Is is advisable to make a keystore for each environment with each their own authorization?)
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
VP Technology / Senior Consultant
Commented:
Yes.  Best security practice is to segregate keystores for each environment, since they can have significantly different security requirements and responsible persons.

For example, dev team may own dev environment keys, QA team may own QA keys, and security team may own prod environment keys.
Theo KouwenhovenApplication Consultant

Author

Commented:
Hi Gary,

That's what I though, but I had to convince our system-security-dept
Gary PattersonVP Technology / Senior Consultant
Commented:
You can tell them I said so :-)

- Gary Patterson, CISSP

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial