An apparatus and method for managing keystores is implemented. A distributed
keystore
is established by aggregating individual. The distributed keystore may, be organized
in a multi-level structure, which may be associated with an organizational structure
of an enterprise, or other predetermined partitioning. Additionally, a centralized
management of certificates may be provided, whereby the expiration or revocation
of the certificates may be tracked, and expired or revoked certificates may be
refreshed. The keystore may be updated in response to one or more update events.