Creating truststore files

 


A truststore file is a key database file that contains the public keys for target servers. Each public key is stored as a signer certificate. If the target uses a self-signed certificate, extract the public certificate from the server keystore file and add the extracted certificate to the truststore file as a signer certificate. If the target uses a certificate issued by a commercial certificate authority (CA), add the CA root certificate instead. The truststore file can be a more publicly accessible key database file that contains all the trusted certificates.

Read the documentation located at http://www.ibm.com/developerworks/java/jdk/security/iKeymanDocs.zip for further information.

  1. Start the key management utility (iKeyman), if it is not already running.

  2. Open a new key database file by clicking Key Database File > New from the menu bar.

  3. Select the key database type: JKS (default), PKCS12, JCEKS, or JCERACFKS (z/OS only). The key database type is the trust file format (or the value of the com.ibm.ssl.trustStoreType property in the sas.client.props file) when you configure the SSL setting for your application.

  4. Type the file name and location. The full path of this key database file is used as the trust file name (or the value of the com.ibm.ssl.trustStore property in the sas.client.props file) when you configure the SSL setting for your application.

  5. Click OK to continue.

  6. Type a password to restrict access to the file. This password is used as the trust file password (or the value of the com.ibm.ssl.trustStorePassword property in the sas.client.props file) when you configure the SSL setting for your application. Do not set an expiration date on the password or save the password to a file. If you do, you must reset the password when it expires or protect the password file. This password is used only to release the information stored by the key management utility during run time.

  7. Click OK to continue. The tool now displays all of the available default signer certificates. These are the public keys of the most common CAs. You can add, view or delete signer certificates from this screen.

Result

A new SSL truststore file is created.
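The following check is an added example, not part of the original documentation or of iKeyman: it loads the truststore that a sas.client.props file points to and reports any entry that is not a signer certificate, plus any signer that has expired. The class name TruststoreAudit is hypothetical, and the example assumes a file-based store type (JKS, PKCS12 or JCEKS) and an interactive terminal for the password prompt.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Properties;

// Added example (hypothetical class name): audit the truststore named in sas.client.props.
public class TruststoreAudit {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive terminal): java TruststoreAudit <sas.client.props>");
            System.exit(2);
        }
        Properties props = new Properties();
        try (InputStream in = new FileInputStream(args[0])) {
            props.load(in);
        }
        // Steps 3 and 4: store type and full path as recorded in the properties file.
        String type = props.getProperty("com.ibm.ssl.trustStoreType", "JKS");
        String path = props.getProperty("com.ibm.ssl.trustStore");
        if (path == null) {
            System.err.println("com.ibm.ssl.trustStore is not set in " + args[0]);
            System.exit(2);
        }
        // Step 6: prompt for the password rather than reading it from a file.
        char[] password = console.readPassword("Truststore password: ");
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password); // IOException if the password or integrity check fails
        }
        int problems = 0;
        Date now = new Date();
        for (String alias : Collections.list(store.aliases())) {
            if (!store.isCertificateEntry(alias)) {
                // A truststore should hold signer certificates only, never key material.
                System.out.println("PROBLEM " + alias + ": key entry, not a signer certificate");
                problems++;
                continue;
            }
            Certificate cert = store.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                boolean expired = now.after(x509.getNotAfter());
                if (expired) problems++;
                System.out.println((expired ? "EXPIRED " : "ok      ") + alias + ": "
                        + x509.getSubjectX500Principal().getName() + " until " + x509.getNotAfter());
            }
        }
        System.exit(problems == 0 ? 0 : 1);
    }
}
```

The exit status is 0 when every entry is a current signer certificate and 1 when any key entry or expired signer is found, so the check can gate a deployment script.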

 

What to do next

Prepare truststore files for an SSL connection. Specify the truststore file in the configuration of WebSphere Application Server. Create a keystore file if one does not exist.


