Informatica recommends that you use the default keystore and truststore only for setup and proof-of-concept use cases. To secure a production environment, use the following guidelines:
Configure a custom keystore and truststore for SAML authentication in a location other than the default directory:
When you assign an alias to the keystore or truststore, do not use "Informatica LLC," which Informatica uses for private key authentication and certificate signing.
Modifying the default SAML keystore or truststore is allowed only when the default directory is configured as the SAML keystore and truststore directory and you want to import private key and certificate entries into the default keystore or truststore.
You cannot use "Informatica LLC" as the alias for new entries in the default keystore and truststore. You can use "Informatica LLC" as the alias for custom keystore-truststore entries.
No other operation is allowed for the default keystore and truststore files, including deleting or replacing the files, changing the password of the keystore or truststore, or modifying, removing or replacing the Informatica-generated private key and signing certificate.
If you replaced the default Informatica keystore and truststore files with custom keystore and truststore files in the previous Informatica installation directory structure, you must run the infasetup UpdateGatewayNode command to update the locations of the custom keystore and truststore for the domain.