Globally prohibit exporting private keys

By default, Activator prohibits all users (including users with administrator privileges) from exporting X.509 certificates with private keys. This ban encompasses all private keys of X.509 certificates, whether used by communities or embedded servers. This property provides a safeguard against private keys becoming compromised. The property does not affect exporting of public keys.

The control to enable and disable exporting of all private keys is in the crossworks.properties file. The file is located at <Activator_install_directory>\Activator\conf\. The property is:

privateKey.export.enable

The default value of the property is false. All users, by default, are prohibited from exporting private keys. This includes users, such as administrators, who are associated with roles that allow exporting private keys. With this default false setting, user interface options related to exporting private keys no longer display.

To enable global exporting of private keys you must reset the value to true. Even with the property enabled, users can be associated with roles that block exporting private keys.

Changes to the crossworks.properties file take effect upon saving the file. Activator does not have to be restarted.

Note   If the privateKey.export.enable property is deleted from the crossworks.properties file, Activator behaves as though the value is true. This ensures backward compatibility with earlier versions of Activator that do not have the property in the crossworks.properties file.

Related Links