
Trust anchor settings

Use this page to specify the trust anchor configuration. These trust anchor certificates are used to validate the X.509 certificate embedded in the SOAP message.

Trust anchors point to keystores containing trusted root or self-signed certificates. We specify the name for the trust anchor, and the information needed to access a keystore. The application binding uses this name to reference a predefined trust anchor definition in the binding file (or the default).

We can configure a trust anchor when editing a default cell or server binding, or we can configure application-specific bindings for the tokens and message parts required by a policy set.

To edit a default cell binding...

To set application specific bindings for tokens and message parts that are required by the policy set...

We must have previously attached a policy set and assigned an application-specific binding.

This administrative console page applies only to JAX-WS applications.


Name

Unique name used by the application binding to reference a predefined trust anchor definition in the default binding.

A trust anchor specifies the keystore containing trusted root certificates. This field displays the name for the trust anchor that is being edited. For a new trust anchor configuration, enter a unique name.

Keystore files contain public and private keys, root certificate authority (CA) certificates, the intermediate CA certificate, and so on. Keys that are retrieved from the keystore files are used to sign and validate or encrypt and decrypt messages or message parts.

Information Value
Data type: String


Centrally managed keystore

Specifies that a centrally managed keystore is used. After selecting the Centrally managed keystore option, choose one of the centrally managed keystore names from the list. Centrally managed keystores can be managed in the administrative console by clicking Security > SSL certificate and key management > Key stores and certificates.

Click the radio button to enable the Name field. Select a keystore from the list.

Information Value
Data type: Radio button
Default value: Unselected


External keystore

Specifies a keystore using a keystore path, keystore type and keystore password. The keystore file format is determined by the keystore type. The default trust anchor in the default binding uses an external keystore.

Select the radio button to enable an external keystore.

Information Value
Data type: Radio button
Default value: Selected
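
The following added example (not IBM's code and not part of the original page) uses only standard JDK classes to show what an external-keystore trust anchor amounts to: the trusted certificate entries are loaded from a keystore given by path, type and password, and a signer certificate chain is validated against them. The class name, the KEYSTORE_PASSWORD environment variable and the command-line arguments are assumptions made for this sketch, and revocation checking is switched off to keep it offline.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

public class TrustAnchorCheck {
    // Load each trusted-certificate entry of the keystore as a PKIX trust anchor.
    static Set<TrustAnchor> loadAnchors(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);           // for example "JKS" or "PKCS12"
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);                          // fails on a wrong password or a tampered file
        }
        Set<TrustAnchor> anchors = new HashSet<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) continue;    // private-key entries are not trust anchors
            X509Certificate ca = (X509Certificate) ks.getCertificate(alias);
            ca.checkValidity();                             // refuse an expired or not-yet-valid anchor
            anchors.add(new TrustAnchor(ca, null));
        }
        return anchors;
    }

    // Validate a signer chain (leaf certificate first) and return the anchor that vouched for it.
    static TrustAnchor validate(List<X509Certificate> chain, Set<TrustAnchor> anchors) throws Exception {
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
        PKIXParameters params = new PKIXParameters(anchors); // throws if the anchor set is empty
        params.setRevocationEnabled(false);                  // assumption: no CRL/OCSP in this sketch
        PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult)
                CertPathValidator.getInstance("PKIX").validate(path, params);
        return result.getTrustAnchor();
    }

    public static void main(String[] args) throws Exception {
        // args: <keystore path> <keystore type> <signer certificate file, PEM or DER>
        // The password comes from the (hypothetical) KEYSTORE_PASSWORD variable, not from argv.
        char[] password = System.getenv("KEYSTORE_PASSWORD").toCharArray();
        Set<TrustAnchor> anchors = loadAnchors(args[0], args[1], password);
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[2])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in))
                chain.add((X509Certificate) c);
        }
        try {
            TrustAnchor ta = validate(chain, anchors);
            System.out.println("trusted by: " + ta.getTrustedCert().getSubjectX500Principal());
        } catch (CertPathValidatorException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Running it against the keystore configured as a trust anchor shows which certificates that keystore actually vouches for, which is a useful check before the binding is used to validate message signers.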

