Skip to main content
Skip table of contents

Digital Certificate Management

Digital Certificate Management provides you with a central location from which to manage digital certificates. A digital certificate is an attachment to an electronic message used for security purposes. The attachment, which contains a public key and a variety of other identification information, is used to encrypt and decrypt messages to protect them against third party tampering.

PowerSchool Certificates

PowerSchool uses two digital certificates to secure communication with your PowerSchool server. This includes the server certificate used to enable SSL and possibly the client certificate used to access secure web services on other systems.

The PowerSchool server certificate is stored in the keystore. The keystore is a repository where public/private key pairs are stored. The X.509 client certificate may also be stored here if it was issued with a private decryption key. Otherwise, it is stored in the truststore.

For example, Verisign issues a server certificate that also serves as a X.509 client certificate. It contains three parts: the public encryption key, the private decryption key, and the X.509 client certificate. Because the client certificate was issued with a private key, it would be stored in the keystore. StartSSL.com and other providers offer free or low-cost X.509 client certificates that are primarily used to sign emails. These certificates are stand-alone and rely on the root certificate for the Certificate Authority to be trusted. Therefore, they would be stored in the truststore.

Import a PowerSchool Certificate

  1. Navigate to the Digital Certificates page.
  2. Select the Key Store tab, if needed.
  3. Use the following table to enter information in the Import Digital Certificate fields:

    Field

    Description

    Select an Option

    Do one of the following:

    • Choose I have a public and private key pair if you have your public key in one file and your private key in another file.
    • Choose I have one file and a password if you have your private key and certificate authority (CA) signed certificate (such as Verisign, Start SSL) in the same file and the private key is password protected.
    • Choose I have one file and no password if you have your private key and CA signed certificate in the same file and the private key is not password protected.
    • Choose I have two files and a password if you have your private key in one file and CA signed certificate in another file and the private key is password protected.
    • Choose I have two files and no password if you have your private key in one file and CA signed certificate in another file and the private key is not password protected.
    • Choose I would like to create and import a self-assigned certificate if you want to create a private key and self signed certificate. This option is used for test purposes. For example, you may want to test SSL or SAML communication between PowerSchool and NTC servers before setting up a production server.

    If you generated the private key yourself using a command line tool, such as keytool, openssl, CertReq.exe, etc., or CA provided tool, such as Verisign, then you already know if the private key is password protected or not. If the private key was given to you by another person, such as from your IT department, that person should indicate if the private key is password protected or not and if it is, what the password is.

    Once you select an option, the appropriate fields display.

    Certificate Name

    Enter a name for the PowerSchool certificate to be used in lists.

    Do not use [System] in the name, as it is reserved by PowerSchool. If [System] is entered, the following message appears, "Certificate name cannot start with [System]".

    This field only appears if applicable to the selected option.

    File 1

    Click Choose File and select a certificate.

    This field only appears if applicable to the selected option.

    File 2

    Click Choose File and select a certificate.

    This field only appears if applicable to the selected option.

    Key Pair Name

    Enter a name for the PowerSchool key pair to be used in lists.

    This field only appears if applicable to the selected option.

    Password

    Enter your password.

    This field only appears if applicable to the selected option.

    Public Key

    Click Choose File and select the file that contains a valid public key.

    This field only appears if applicable to the selected option.

    Private Key

    Click Choose File and select the file that contains a valid private key.

    This field only appears if applicable to the selected option.

  4. Click Import.
  5. Enter information and import for each PowerSchool certificate you want to import. The imported PowerSchool certificate or key pair appears in the List of Certificates with Private Key section.
    If a key pair was imported, the key pair appears below the certificates in alphabetical order as [keys] [name].

View a PowerSchool Certificate

  1. Navigate to the Digital Certificates page.
  2. Select the Key Store tab, if needed. The List of Certificates with Private Key section displays the following information:

    Field

    Description

    [Status]

    The status/validity of the certificate or key pair:

    • Checkmark indicates the certificate is valid.
    • Exclamation mark indicates the certificate will expire in next 30 days.
    • Double exclamation mark indicates the certificate is invalid.

    Certificate Names

    The name of the certificate or key pair.

    Actions

    Actions that can be taken for the certificate or key pair.

  3. Click View next to the name of the PowerSchool certificate or key pair you want to view.

Export a PowerSchool Certificate

  1. Navigate to the Digital Certificates page.
  2. Select the Key Store tab, if needed.
  3. In the List of Certificates with Private Key section, click Export next to the name of the PowerSchool certificate or key pair you want to export. The PowerSchool certificate is then saved to your Downloads folder.

Delete a PowerSchool Certificate

  1. Navigate to the Digital Certificates page.
  2. Select the Key Store tab, if needed.
  3. In the List of Certificates with Private Key section, click Delete next to the name of the PowerSchool certificate or key pair you want to remove. 
  4. Click Yes

External Server Certificates

External server certificates are the digital certificates of servers that you want your PowerSchool server to trust and be able to communicate with.

External server certificates are stored in the Trust Store. The Trust Store is a repository where the public certificates of servers that are trusted within the application are stored. These certificates are never used to decrypt data and thus have no need for a private key. These certificates can be the public portion of the server certificate from an external server, or a client X.509 certificate.

Import an External Server Certificate

  1. Navigate to the Digital Certificates page.
  2. Select the User Trust Store tab for non-synced, user certificates.
  3. Use the following table to enter information in the Import Digital Certificate fields:

    Field

    Description

    Certificate Name

    Enter a name for the external server certificate to be used in lists.

    Do not use [System] in the name, as it is reserved by PowerSchool. If [System] is entered, the following message appears, "Certificate name cannot start with [System]".

    Certificate

    Click Choose File and select a certificate.

    If using Firefox or Internet Explorer, Click Browse and select a certificate.

  4. Click Import

View an External Server Certificate

  1. Navigate to the Digital Certificates page.
  2. Do one of the following:
    • Select the User Trust Store tab for non-synced, user certificates.
    • Select the System Trust Store tab for synced, system certificates.

    The List of Certificates without Private Key section displays the following information:

    Field

    Description

    [Status]

    The status/validity of the certificate:

    • Checkmark indicates the certificate is valid.
    • Exclamation mark indicates the certificate will expire in next 30 days.
    • Double exclamation mark indicates the certificate is invalid.

    Certificate Name

    The name of the certificate.

    Actions

    Actions that can be taken for the certificate.

  3. Click View next to the name of certificate you want to view. 

Export an External Server Certificate

  1. Navigate to the Digital Certificates page.
  2. Do one of the following:
    • Select the User Trust Store tab for non-synced, user certificates.
    • Select the System Trust Store tab for synced, system certificates.
  3. In the List of Certificates without Private Key section, click Export next to the name of the certificate you want to export. The certificate is then saved to your Downloads folder.

Delete an External Server Certificate

  1. Navigate to the Digital Certificates page.
  2. Do one of the following:
    • Select the User Trust Store tab for non-synced, user certificates.
    • Select the System Trust Store tab for synced, system certificates.
  3. In the List of Certificates without Private Key section, click Delete next to the name of the certificate you want to remove. 
  4. Click Yes
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.