Trust managers settings

This page enables you to view and set definitions for trust manager implementation settings. A trust manager is a class that gets invoked during an SSL handshake to make trust decisions about the remote end point. A default trust manager is used to validate the signature and expiration of the certificate. Custom trust managers can be plugged in to perform an extended certificate and hostname check.

To view this admin console page, click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration . Under Related items click Trust managers > New .


Name of the trust manager.

Data type: Text
Default: ibmX509TrustManager


The trust manager selection is available from a Java™ provider that is installed in the file. This provider might be shipped by the JSSE or might be a custom provider that implements the interface.

Default: Enabled


Provider name that has an implementation of the interface. This provider is typically set to IBMJSSE2.

Enabled when Standard is selected.

Default IBMJCE


Algorithm name of the trust manager implemented by the selected provider.

Enabled when Standard is selected.

Default ibmX509 or IbmPKIX
Range ibmX509, IbmPKIX


The trust manager selection is based on a custom implementation class that implements the interface and optionally the interface to obtain additional connection information not otherwise available.

Default: Disabled

Class name

Class that implements the interface. Optionally, the class can implement the interface to get extended information about the connection. The class can use the information to verify the host name and so on.

Enabled when Custom is selected.

Data type: Text


Related tasks

Create an SSL configuration



Trust managers collection