Trust anchor configuration settings

Use this information to configure a trust anchor. Trust anchors point to keystores containing trusted root or self-signed certificates. This information enables you to specify a name for the trust anchor and the information needed to access a keystore. The application binding uses this name to reference a predefined trust anchor definition in the binding file (or the default).

This console page applies only to Java API for XML-based RPC (JAX-RPC) applications. To view this console page for trust anchors on the cell level...

1. Click Security > JAX-WS and JAX-RPC security runtime.

2. Under Additional properties, click Trust anchors.

3. Click New to create a trust anchor or click the name of an existing configuration to modify its settings.

To view this console page for trust anchors on the server level...

1. Click Servers > Server Types > WebSphere application servers > server_name.

2. Under Security, click JAX-WS and JAX-RPC security runtime.

   In a mixed node cell with a server using Websphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security.

3. Under Additional properties, click Trust anchors.

4. Click New to create a trust anchor or click the name of an existing configuration to modify its settings.

To view this console page for trust anchors on the application level,

1. Click Applications > Application Types > WebSphere enterprise applications > application_name.

2. Under Modules, click Manage modules > URI_name.

3. Under Web Services Security Properties, we can access trust anchors information for the following bindings:

   • For the Response consumer (receiver) binding, click Web services: Client security bindings. Under Response consumer (receiver) binding, click Edit custom.

   • For the Request consumer (receiver) binding, click Web services: Server security bindings. Under Request consumer (receiver) binding, click Edit custom.

4. Under Additional properties, we can access the trust anchors information for the following bindings:

   • For the Response receiver binding, click Web services: Client security bindings. Under Response receiver binding, click Edit.

   • For the Request receiver binding, click Web services: Server security bindings. Under Request receiver binding, click Edit.

5. Under Additional properties, click Trust anchors.

6. Click New to create a trust anchor or click the name of an existing configuration to modify its settings.

Trust anchor name

Unique name used by the application binding to reference a predefined trust anchor definition in the default binding.

Key store configuration name

Name of the key store configuration defined in the keystore settings in secure communications.

Key store password

Password needed to access the key store file.

Key store path

Location of the keystore file.

Use ${USER_INSTALL_ROOT} as this path expands to the WAS path on the machine.

Key store type

Type of keystore file.

Choose from the following options:

JKS

Use this option if you are not using Java Cryptography Extensions (JCE).

JCEKS

Use this option if you are using Java Cryptography Extensions.

(zos) JCERACFKS

Use JCERACFKS if the certificates are stored in a SAF key ring (z/OS only).

PKCS11KS (PKCS11)

Use this format if the keystore uses the PKCS#11 file format. Keystores that use this format might contain RSA keys on cryptographic hardware or might encrypt keys that use cryptographic hardware to ensure protection.

PKCS12KS (PKCS12)

Use this option if the keystore uses the PKCS#12 file format.

Information	Value
Default	JKS
Range	JKS, JCEKS, PKCS11KS (PKCS11), PKCS12KS (PKCS12)

Related tasks

Configure trust anchors for the generator binding on the application level

Trust anchor collection