Adding truststore files
Before you begin
A truststore file is a key database file that contains public keys. Each public key is stored as a signer certificate. The keys are used for a variety of purposes, including authentication and data integrity. In WebSphere Application Server, the way you add a truststore file to the configuration differs between client and server. For the client, a truststore file is added to a property file, such as sas.client.props. For the server, a truststore file is added through the WAS administrative console. Before you add the truststore file to your configuration, ask the following questions:
- If you configure for client authentication using a digital certificate, has the public key of the client personal certificate been imported as a signer certificate into the server truststore file?
- Does the truststore file contain all the required signer certificates with respect to the keystore files of the target servers?
Procedure
- Add a truststore file into a client configuration by editing the sas.client.props file and setting the following properties:
  - com.ibm.ssl.trustStoreType for the truststore format. Range: JKS (default), PKCS12, JCEK, JCERACFKS.
  - com.ibm.ssl.trustStore for a fully qualified path to the truststore file. The truststore file contains the public keys.
  - com.ibm.ssl.trustStorePassword for the password to access the truststore file.
- Add a truststore file into a server configuration:
  - Start the administrative console by specifying: http://server_host_name:9060/ibm/console
  - Click Security > SSL.
  - Create a new SSL setting alias if one does not exist.
  - Select the alias to which you want to add the truststore file.
  - Type the trust file name for the path of the truststore file.
  - Type the trust file password for the password to access the truststore file.
  - Select the trust file format for the truststore type: JKS (default), PKCS12, or JCEK.
  - Click OK and Save to save the configuration.
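A pre-flight check for the three client properties set in sas.client.props, written as an added example that is not part of the IBM documentation. It assumes POSIX file permissions; the write-permission check and the sample file name are additions, not requirements stated on this page.

```python
import os
import stat
import tempfile

ALLOWED_TYPES = {"JKS", "PKCS12", "JCEK", "JCERACFKS"}  # range documented on this page
PREFIX = "com.ibm.ssl.trustStore"

def parse_props(text):
    """Minimal key=value parser (no escapes or line continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_truststore_props(text):
    """Return a list of findings for the three truststore properties."""
    props, findings = parse_props(text), []
    # Assumption: an absent type falls back to the documented default, JKS.
    ts_type = props.get(PREFIX + "Type", "JKS")
    if ts_type not in ALLOWED_TYPES:
        findings.append("unsupported trustStoreType: " + ts_type)
    path = props.get(PREFIX, "")
    if not path:
        findings.append("trustStore is not set")
    elif not os.path.isabs(path):
        findings.append("trustStore is not fully qualified: " + path)
    elif not os.path.isfile(path):
        findings.append("trustStore file not found: " + path)
    elif os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        # Anyone who can write the file can add a signer the client will trust.
        findings.append("trustStore is group/world-writable: " + path)
    if not props.get(PREFIX + "Password"):
        findings.append("trustStorePassword is not set")
    return findings

def demo():
    """Check a constructed props file before and after correcting it."""
    tmpl = PREFIX + "Type={t}\n" + PREFIX + "={p}\n" + PREFIX + "Password={w}\n"
    with tempfile.TemporaryDirectory() as d:
        store = os.path.join(d, "sampleTrust.jks")  # constructed, empty file
        open(store, "wb").close()
        os.chmod(store, 0o666)
        before = check_truststore_props(tmpl.format(t="PEM", p=store, w=""))
        os.chmod(store, 0o640)
        after = check_truststore_props(tmpl.format(t="JKS", p=store, w="example"))
    return before, after
```

The check validates only the settings and the file's presence and permissions; it does not open the truststore, so whether the required signer certificates are present still has to be confirmed separately.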
Result
The SSL configuration alias now contains a valid truststore file for an SSL connection.
Example
- SSL connection for Internet InterORB Protocol (IIOP)
- SSL connection for Lightweight Directory Access Protocol (LDAP)
- SSL connection for Hypertext Transfer Protocol (HTTP)
See Also
Secure Sockets Layer
Related Tasks
Manage digital certificates
Configuring CSIv2 and Security Authentication Service authentication protocols