Create a keystore configuration for a preexisting keystore file
An SSL configuration references keystore configurations during security processing. If another keystore tool is used to create a keystore file, or the keystore file was saved from a previous configuration, create a new keystore configuration object that references the preexisting keystore file. The server then uses this new keystore configuration object to obtain information from the preexisting keystore file.
A keystore must already exist.
Alternative Method: To create a keystore using wsadmin, use the createKeyStore command of AdminTask. For more information, see the KeyStoreCommands command group for AdminTask article.
Complete the following steps in the dmgr console:
- Click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound}.
- Under Related Items, click Key stores and certificates, then click New.
- Type a name in the Name field. This name uniquely identifies the keystore in the configuration.
- Type the location of the keystore file in the Path field. The location can be a file name or a file URL to an existing keystore file.
- Type the keystore password in the Password field. This password is for the keystore file that you specified in the Path field.
- Type the keystore password again in the Confirm Password field to confirm the password.
- Select a keystore type from the list. The type that you select is for the keystore file that you specified in the Path field.
- Select any of the following optional selections:
  - The Read only selection creates a keystore configuration object but does not create a keystore file. If this option is selected, the keystore file that you specified in the Path field must already exist.
  - The Initialize at startup selection initializes the keystore during runtime.
  - The Enable cryptographic operations on a hardware device selection specifies whether a hardware cryptographic device is used for cryptographic operations only. Operations that require login are not supported when using this option.
- Click Apply and Save.
Results
You have created a keystore configuration object for the keystore file that you specified. This keystore can now be used in an SSL configuration.
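The Path, type and Read only choices above can be checked before the configuration object is created. The following pre-flight script is an added example, not IBM code: it is meant to be run with a standalone Python 3 interpreter on the host that holds the file, and it builds the argument string for the `createKeyStore` command mentioned under Alternative Method. The `-keyStore*` parameter names should be confirmed against the KeyStoreCommands reference; the keystore name, password and sample files are constructed placeholders.

```python
import os
import stat
import tempfile

# Leading bytes of the Java keystore formats this check recognises.
JKS_MAGIC = b"\xfe\xed\xfe\xed"
JCEKS_MAGIC = b"\xce\xce\xce\xce"

def sniff_keystore_type(path):
    """Return 'JKS', 'JCEKS', 'PKCS12' or None, judged from the first bytes."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head == JKS_MAGIC:
        return "JKS"
    if head == JCEKS_MAGIC:
        return "JCEKS"
    if head[:1] == b"\x30":  # DER SEQUENCE tag, consistent with PKCS#12
        return "PKCS12"
    return None

def preflight(path, declared_type):
    """List problems that would otherwise surface as SSL configuration errors."""
    if not os.path.isfile(path):
        return ["keystore file does not exist: %s" % path]
    problems = []
    found = sniff_keystore_type(path)
    if found != declared_type:
        problems.append("declared type %s, file looks like %s" % (declared_type, found))
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("file mode %o grants group/other access" % mode)
    return problems

def create_keystore_args(name, path, ks_type, password):
    """Argument string for AdminTask.createKeyStore; read-only = existing file."""
    return ("[-keyStoreName %s -keyStoreType %s -keyStoreLocation %s "
            "-keyStorePassword %s -keyStorePasswordVerify %s "
            "-keyStoreIsFileBased true -keyStoreInitAtStartup true "
            "-keyStoreReadOnly true]" % (name, ks_type, path, password, password))

def make_sample(magic, mode):
    """Write a constructed stand-in file (header bytes only, not a real keystore)."""
    fd, path = tempfile.mkstemp(suffix=".ks")
    os.write(fd, magic + b"\x00" * 16)
    os.close(fd)
    os.chmod(path, mode)
    return path
```

When `preflight` returns an empty list, pass the string from `create_keystore_args` to `AdminTask.createKeyStore` in wsadmin and save the configuration.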
Subtopics
- Configure a hardware cryptographic keystore
We can create a hardware cryptographic keystore that WAS can use to provide cryptographic token support in the server configuration.
- Manage keystore configurations remotely
We can manage keystores remotely in a WAS, Network Deployment environment on separate machines. A node server can hold the configuration for a keystore, while the actual keystore resides on another system. After you set up a remotely managed configuration, you can perform all of the certificate and keystore operations for the keystore on the remote machine from the server containing the keystore remote configuration.
- Keystores and certificates page
Use this page to manage keystore types, including cryptography, Resource Access Control Facility (RACF), Certificate Management Services (CMS), Java, and all trust store types.
- Key store settings
Use this page to create all keystore types, including cryptographic, Resource Access Control Facility (RACF), Certificate Management Services (CMS), Java, and all truststore types.
- Key managers page
Use this page to define the implementation settings for key managers. A key manager is invoked during a Secure Sockets Layer (SSL) handshake to determine which certificate alias is used. The default key manager (WSX509KeyManager) performs alias selection. If more advanced function is desired, define a custom key manager on the Manage endpoint security configurations panel.
- Key managers settings
Use this page to define key managers implementation settings. A key manager gets invoked during an SSL handshake to determine the certificate alias to be used. The default key manager (WSX509KeyManager) performs alias selection. If more advanced function is desired, a custom key manager can be specified here and selected in the SSL configuration.
Related concepts:
Keystore configurations for SSL
SSL configurations
Reference:
Keystores and certificates exchange signers
KeyStoreCommands command group for AdminTask