# Java KeyStore and Certificates * [Java Keystore](#java-keystore) * [Adding a certificate to the KeyStore](#adding-a-certificate-to-the-keystore) ## Java Keystore JKS or Java KeyStore is used in Flow for some very specific scenarios where encryption is involved and there is a need for asymmetric encryption. Partek Flow is shipped with a Java Keystore on its own, the file is found at .../partek\_flow/distrib/flowkeystore where you may want to add your public and private certificates. ## Adding a certificate to the KeyStore If you already have a certificate please skip to the next step. ### Create a certificate Please place the key in a secure folder. (it is advisable to place in Flow's home directory. eg. /home/flow/keys ``` [~] openssl genrsa -out flow.key 2048 ``` ``` [~] openssl ecparam -genkey -name secp384r1 -out flow.key ``` ``` [~] openssl req -new -x509 -sha256 -key flow.key -out flow.crt -days 3650 ``` These commands above are meant to be used in a terminal. There are other ways to help you make a certificate but they will not going to be mentioned here. If you wish to understand the flags used above please refer to the OpenSSL documentation. ### Import a certificate into flowkeystore For this step you will have to find where the cacerts file is located, it is under the Java installation, if you do not know how to do it contact us and we can help. In the example the cacerts file is located at /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts ``` [~] keytool -import -file /home/flow/.partekflow/keys/flow.key -alias someName -keystore /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts -storepass changeit -noprompt ``` ### Tell the JVM where to find the key We need to tell Partek Flow where the key is located, to do this we will edit a file which contains some of the Flow settings. The file is usually located at /etc/partekflow\.conf if you do not have this file we would advise to use the bashrc file from the system user that runs Partek Flow. At the end of that file please add: ``` export CATALINA_OPTS="$CATALINA_OPTS -Djavax.net.ssl.trustStore=${HOME}/keys" ``` ## Additional Assistance If you need additional assistance, please visit [our support page](http://www.partek.com/support) to submit a help ticket or find phone numbers for regional support. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.partek.illumina.com/partek-flow/installation-guide/java-keystore-and-certificates.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.