Adding keystore files

 

+

Search Tips   |   Advanced Search

 

A keystore contains both public keys and private keys. Public keys are stored as signer certificates while private keys are stored in the personal certificates. In WebSphere Application Server, adding keystore files to the configuration is different between client and server. For the client, a keystore file is added to a property file like sas.client.props. For the server, a keystore file is added through the WAS administrative console.

 

Before you begin

Before you add the keystore file to your configuration, consider the following questions:

• Is a self-signed or a certificate authority (CA)-signed personal certificate created in the keystore file?

• If you configure client authentication using digital certificates, is the public key of the signed personal certificate imported as a signer certificate into the server truststore file?

 

Add a keystore file into a client configuration

Edit the sas.client.props file and set the following properties:

com.ibm.ssl.keyStoreType	for the keystore format. Range: JKS (default), PKCS12, JCEK
com.ibm.ssl.keyStore	for a fully qualified path to the keystore file. The keystore file contains private keys and sometimes public keys.
com.ibm.ssl.keyStorePassword	for the password to access the keystore file.

 

Add a keystore file into a server configuration

1. Start the administrative console by specifying: http://server_hostname:9060/ibm/console.

2. Click Security > SSL.

3. Optional: Click New JSSE repertoire to create a new Java Secure Sockets Extension (JSSE) repertoire.

4. Select the alias that you want to add into the keystore file.

5. Type in the key file name for the path of the keystore file.

6. Type in the key file password for the password to access the keystore file.

7. Select the key file format for the keystore type.

   Range: JKS (default), PKCS12, or JCEK.

8. Click OK and Save to save the configuration.

 

Result

The SSL configuration alias now has a valid keystore file for an SSL connection.

Note: If the Cryptographic token field is selected and you only want to use cryptographic tokens for your keystore file, leave the Key file name field and the Key file password field blank.

 

Example

• SSL connection for Internet InterORB Protocol (IIOP)

• SSL connection for Lightweight Directory Access Protocol (LDAP)

• SSL connection for Hypertext Transfer Protocol (HTTP)

---

 

See Also

Secure Sockets Layer

 

Related Tasks

Manage digital certificates
Configuring CSIv2 and Security Authentication Service authentication protocols

 

---