Adding truststore files

 

Before you begin

A truststore file is a key database file that contains public keys. Each public key is stored as a signer certificate. The keys are used for a variety of purposes, including authentication and data integrity. In WebSphere Application Server, the way you add a truststore file to the configuration differs between client and server. For the client, a truststore file is added to a property file, such as sas.client.props. For the server, a truststore file is added through the WAS administrative console. Before you add the truststore file to your configuration, ask the following questions:

  • If you configure client authentication using a digital certificate, has the public key of the client personal certificate been imported as a signer certificate into the server truststore file?

  • Does the truststore file contain all the signer certificates required by the keystore files of the target servers?

 

Procedure

  1. Add a truststore file to a client configuration by editing the sas.client.props file and setting the following properties:

    • com.ibm.ssl.trustStoreType for the truststore format. Range: JKS (default), PKCS12, JCEK, JCERACFKS.

    • com.ibm.ssl.trustStore for a fully qualified path to the truststore file. The truststore file contains the public keys.

    • com.ibm.ssl.trustStorePassword for the password to access the truststore file.

  2. Add a truststore file to a server configuration:

    1. Start the administrative console by specifying: http://server_host_name:9060/ibm/console

    2. Click Security > SSL.

    3. Create a new SSL setting alias if one does not exist.

    4. Select the alias to which you want to add the truststore file.

    5. Type the trust file name for the path of the truststore file.

    6. Type the trust file password for the password to access the truststore file.

    7. Select the trust file format for the truststore type. Range: JKS (default), PKCS12, JCEK.

    8. Click OK and Save to save the configuration.

 

Result

The SSL configuration alias now contains a valid truststore file for an SSL connection.

 

Example
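
The following check for the client-side properties from step 1 is an added example, not IBM code. It parses a sas.client.props-style file with a simplified .properties reader and reports a missing or out-of-range truststore setting; the function names, sample paths and sample password are assumptions made for illustration.

```python
import os
import re
from pathlib import PurePosixPath, PureWindowsPath

ALLOWED_TYPES = {"JKS", "PKCS12", "JCEK", "JCERACFKS"}  # formats listed on this page

def parse_props(text):
    """Simplified .properties parser: key=value or key:value, # and ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"((?:\\.|[^=:\s\\])+)\s*[=:]?\s*(.*)", line)
        if m:
            # Undo backslash escapes such as "C\:/..." used in property files.
            key, value = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
            props[key] = value
    return props

def check_truststore(props, require_file=False):
    """Return a list of findings for the three truststore properties."""
    findings = []
    ts_type = props.get("com.ibm.ssl.trustStoreType", "JKS")  # JKS is the default
    if ts_type not in ALLOWED_TYPES:
        findings.append(f"trustStoreType {ts_type!r} is not one of {sorted(ALLOWED_TYPES)}")
    path = props.get("com.ibm.ssl.trustStore", "")
    if not path:
        findings.append("trustStore is not set")
    elif not (PurePosixPath(path).is_absolute() or PureWindowsPath(path).is_absolute()):
        findings.append(f"trustStore {path!r} is not a fully qualified path")
    elif require_file and not os.path.isfile(path):
        findings.append(f"trustStore {path!r} does not exist")
    if not props.get("com.ibm.ssl.trustStorePassword"):
        findings.append("trustStorePassword is not set")
    return findings

# Constructed sample files; the paths and password are placeholders.
GOOD = r"""
# client SSL trust settings
com.ibm.ssl.trustStoreType=JKS
com.ibm.ssl.trustStore=C\:/WebSphere/AppServer/etc/ClientTrustFile.jks
com.ibm.ssl.trustStorePassword=placeholder-password
"""
BAD = """
com.ibm.ssl.trustStoreType=BKS
com.ibm.ssl.trustStore=etc/ClientTrustFile.jks
"""
if __name__ == "__main__":
    print(check_truststore(parse_props(GOOD)), check_truststore(parse_props(BAD)))
```

Pass require_file=True when running on the client host itself so that a path pointing at a missing truststore is also reported.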


 

See Also


Secure Sockets Layer

 

Related Tasks


Manage digital certificates
Configuring CSIv2 and Security Authentication Service authentication protocols