Create truststore files

A truststore file is a key database file that contains the public keys for target servers. The public key is stored as a signer certificate. If the target uses a self-signed certificate, extract the public certificate from the server keystore file. Add the extracted certificate into the truststore file as a signer certificate. For a commercial certificate authority (CA), the CA root certificate is added. The truststore file can be a more publicly accessible key database file that contains all the trusted certificates. Read the documentation located at $WAS_HOME/web/docs/ikeyman/ikmuserguide.pdf for further information.

  1. Start the key management utility (iKeyman), if it is not already running.

  2. Open a new key database file by clicking Key Database File > New from the menu bar.

  3. Select the Key Database Type: JKS (default), PKCS12, or JCEKS. The key database type is the trust file format (or the value of the com.ibm.ssl.trustStoreType property in the sas.client.props file) when you configure the SSL setting for your application.

  4. Type in the file name and location. The full path of this key database file is used as the trust file name (or the value of com.ibm.ssl.trustStore property in the sas.client.props) when you configure the SSL setting for your application.

  5. Click OK to continue.

  6. Type in a password to restrict access to the file. This password is used as the trust file password (or the value of the com.ibm.ssl.trustStorePassword property in the sas.client.props file) when you configure the SSL setting for your application. Do not set an expiration date on the password or save the password to a file. If you do either, you must reset the password when it expires or protect the password file. This password is used only to release the information stored by the key management utility during run time.

  7. Click OK to continue. The tool now displays all of the available default signer certificates. These are the public keys of the most common CAs. You can add, view or delete signer certificates from this screen.

A new SSL truststore file is created.
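
The check below is an added example, not part of the original documentation or of WebSphere: it reads the three sas.client.props properties named in steps 3, 4 and 6 and confirms that the configured type matches the file header of the truststore. It assumes simple key=value property lines; the function names, the sample file names and the sample password are constructed for illustration, and JCEKS is the Java keystore type name.

```python
import os
import tempfile

PREFIX = "com.ibm.ssl.trustStore"
MAGIC = {"JKS": b"\xfe\xed\xfe\xed", "JCEKS": b"\xce\xce\xce\xce",
         "PKCS12": b"\x30"}  # 0x30 is the DER SEQUENCE tag opening PKCS#12

def read_props(path):
    """Parse key=value lines, skipping blanks and # or ! comment lines."""
    props = {}
    with open(path, encoding="latin-1") as fh:
        for line in fh:
            line = line.strip()
            if line and line[0] not in "#!" and "=" in line:
                key, value = line.split("=", 1)
                props[key.strip()] = value.strip()
    return props

def audit_truststore(props_path):
    """Return findings; an empty list means the three settings agree."""
    props = read_props(props_path)
    store = props.get(PREFIX, "")
    kind = props.get(PREFIX + "Type", "").upper()
    findings = []
    if not props.get(PREFIX + "Password"):
        findings.append("trustStorePassword is not set")
    if not os.path.isabs(store):
        findings.append("trustStore is not a full path")
    if kind not in MAGIC:
        findings.append("unsupported trustStoreType")
    if not os.path.isfile(store):
        findings.append("trustStore file not found")
    elif kind in MAGIC:
        with open(store, "rb") as fh:
            if not fh.read(4).startswith(MAGIC[kind]):
                findings.append("file header does not match " + kind)
    return findings

def demo(declared_type):
    """Constructed sample: a file with a JKS header and a props file."""
    tmp = tempfile.mkdtemp()
    store = os.path.join(tmp, "trust.jks")
    with open(store, "wb") as fh:
        fh.write(MAGIC["JKS"] + b"\x00" * 8)  # header only, not a real store
    props = os.path.join(tmp, "sas.client.props")
    with open(props, "w") as fh:
        fh.write("# constructed sample\n%s=%s\n%sType=%s\n%sPassword=changeit\n"
                 % (PREFIX, store, PREFIX, declared_type, PREFIX))
    return audit_truststore(props)
```

A type mismatch, such as a JKS file declared as PKCS12, shows up here as a header finding before the application fails to load the truststore at run time.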

 

Usage Scenario

Specify the truststore file in the configuration of WebSphere Application Server. Create a keystore file if one does not exist.

 

See Also

SSL