Add truststore files
A truststore file is a key database file that contains public keys. Each public key is stored as a signer certificate. The keys are used for a variety of purposes, including authentication and data integrity. In WAS, the way you add a truststore file to the configuration differs between client and server. For the client, a truststore file is added to a property file, such as sas.client.props. For the server, a truststore file is added through the WAS administrative console. Before you add the truststore file to your configuration, ask the following questions:
- If you configure client authentication using a digital certificate, has the public key of the client personal certificate been imported as a signer certificate into the server truststore file?
- Does the truststore file contain all the required signer certificates with respect to the keystore files of the target servers?
- Add a truststore file to a client configuration by editing the sas.client.props file and setting the following properties:
  - com.ibm.ssl.trustStoreType for the truststore format. Range: JKS (default), PKCS12KS, JCEK, JCERACFKS. Use JCERACFKS if you are using a RACF key ring as the truststore.
  - com.ibm.ssl.trustStore for a fully qualified path to the truststore file. The truststore file contains the public keys.
  - com.ibm.ssl.trustStorePassword for the password to access the truststore file. Set the com.ibm.ssl.trustStorePassword property to password if you are using a RACF key ring as the truststore.
- Add a truststore file to a server configuration:
  - Start the WebSphere administrative console by specifying: http://server_host_name:9090/admin.
  - Click Security > SSL.
  - Create a new SSL setting alias if one does not exist.
  - Select the alias that you want to add into the truststore file.
  - Type the Trust File Password for the password to access the truststore file. Type password if you are using a RACF key ring as the truststore.
  - Select the Trust File Format for the truststore type. Range: JKS (default), PKCS12KS, JCEK.
  - Click OK and Save to save the configuration.
The SSL configuration alias now contains a valid truststore file for an SSL connection.
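A pre-deployment check for the client-side settings described above can catch a relative path, an unlisted format, or a missing password before the first SSL handshake fails. The following Python sketch is an added example, not IBM code; the function names and the sample file content are constructed for illustration, and it assumes a RACF key ring reference is not a file path.

```python
import ntpath
import posixpath

# Formats the page lists for com.ibm.ssl.trustStoreType.
ALLOWED_TYPES = {"JKS", "PKCS12KS", "JCEK", "JCERACFKS"}
KEY = "com.ibm.ssl.trustStore"


def parse_props(text):
    """Parse key=value lines; blank lines and '#'/'!' comments are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        name, sep, value = line.partition("=")
        if sep:
            props[name.strip()] = value.strip()
    return props


def check_truststore(props):
    """Return a list of findings for the three truststore properties."""
    findings = []
    ts_type = props.get(KEY + "Type") or "JKS"  # JKS is the documented default
    path = props.get(KEY, "")
    password = props.get(KEY + "Password", "")
    racf = ts_type == "JCERACFKS"
    if ts_type not in ALLOWED_TYPES:
        findings.append("trustStoreType: %r is not a listed format" % ts_type)
    if not path:
        findings.append("trustStore: not set")
    elif not racf and not (posixpath.isabs(path) or ntpath.isabs(path)):
        # Assumption: a RACF key ring reference is not a file path, so skip it.
        findings.append("trustStore: %r is not a fully qualified path" % path)
    if racf and password != "password":
        findings.append("trustStorePassword: must be 'password' for a RACF key ring")
    elif not password:
        findings.append("trustStorePassword: not set")
    return findings


# Constructed sample input, not taken from a real installation.
SAMPLE = """\
# truststore settings
com.ibm.ssl.trustStoreType=JKS
com.ibm.ssl.trustStore=etc/clientTrust.jks
com.ibm.ssl.trustStorePassword=
"""
```

Calling check_truststore(parse_props(SAMPLE)) reports the relative path and the empty password; an empty list means the three properties satisfy the rules stated above.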
Usage Scenario
- SSL connection for Internet InterORB Protocol (IIOP)
- SSL connection for LDAP
- SSL connection for Hypertext Transfer Protocol (HTTP)
See Also
SSL
Managing digital certificates
Configuring CSIv2 and SAS authentication protocols